# Vault

Complete HashiCorp Vault commands and workflows for secrets management, encryption, and secure access to sensitive data.

## Installation and configuration

| Command | Description |
| --- | --- |
| `vault version` | Show Vault version |
| `vault server -dev` | Start development server |
| `vault server -config=config.hcl` | Start with configuration file |
| `vault status` | Check server status |

## Authentication & Login

### Basic authentication

| Command | Description |
| --- | --- |
| `vault auth -method=userpass username=myuser` | Login with username/password |
| `vault auth -method=ldap username=myuser` | Login with LDAP |
| `vault auth -method=github token=mytoken` | Login with GitHub |
| `vault auth -method=aws` | Login with AWS IAM |
| `vault auth -method=kubernetes` | Login with Kubernetes |

### Token management

| Command | Description |
| --- | --- |
| `vault token create` | Create new token |
| `vault token create -ttl=1h` | Create token with TTL |
| `vault token lookup` | Look up current token |
| `vault token renew` | Renew current token |
| `vault token revoke TOKEN` | Revoke specific token |

## Secrets management

### Key-value secrets (v2)

| Command | Description |
| --- | --- |
| `vault kv put secret/myapp username=admin password=secret` | Store secret |
| `vault kv get secret/myapp` | Retrieve secret |
| `vault kv get -field=password secret/myapp` | Get specific field |
| `vault kv delete secret/myapp` | Delete secret |
| `vault kv list secret/` | List secrets |
| `vault kv metadata get secret/myapp` | Get metadata |

### Secret versions

| Command | Description |
| --- | --- |
| `vault kv put secret/myapp @data.json` | Store from JSON file |
| `vault kv get -version=2 secret/myapp` | Get specific version |
| `vault kv rollback -version=1 secret/myapp` | Rollback to version |
| `vault kv destroy -versions=2,3 secret/myapp` | Destroy versions |
| `vault kv undelete -versions=2 secret/myapp` | Undelete versions |

## Database Secrets Engine

### Database configuration

| Command | Description |
| --- | --- |
| `vault secrets enable database` | Enable database engine |
| `vault write database/config/my-mysql-database plugin_name=mysql-database-plugin connection_url="{{username}}:{{password}}@tcp(localhost:3306)/" allowed_roles="my-role" username="vaultuser" password="vaultpass"` | Configure MySQL |
| `vault write database/roles/my-role db_name=my-mysql-database creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT ON *.* TO '{{name}}'@'%';" default_ttl="1h" max_ttl="24h"` | Create role |

### Dynamic credentials

| Command | Description |
| --- | --- |
| `vault read database/creds/my-role` | Generate database credentials |
| `vault write database/rotate-root/my-mysql-database` | Rotate root credentials |

## PKI (Public Key Infrastructure)

### PKI setup

| Command | Description |
| --- | --- |
| `vault secrets enable pki` | Enable PKI engine |
| `vault secrets tune -max-lease-ttl=87600h pki` | Set max TTL |
| `vault write pki/root/generate/internal common_name=example.com ttl=87600h` | Generate root CA |
| `vault write pki/config/urls issuing_certificates="http://vault.example.com:8200/v1/pki/ca" crl_distribution_points="http://vault.example.com:8200/v1/pki/crl"` | Configure URLs |

### Certificate management

| Command | Description |
| --- | --- |
| `vault write pki/roles/example-dot-com allowed_domains=example.com allow_subdomains=true max_ttl=72h` | Create role |
| `vault write pki/issue/example-dot-com common_name=test.example.com` | Issue certificate |
| `vault write pki/revoke serial_number=39:dd:2e:90:b7:23:1f:8d:d3:7d:31:c5:1b:da:84:d0:5b:65:31:58` | Revoke certificate |

## AWS Secrets Engine

### AWS configuration

| Command | Description |
| --- | --- |
| `vault secrets enable aws` | Enable AWS engine |
| `vault write aws/config/root access_key=AKIAI... secret_key=R4nm...` | Configure root credentials |
| `vault write aws/roles/my-role credential_type=iam_user policy_document=-<` | |