# Vault

Complete HashiCorp Vault commands and workflows for secrets management, encryption and secure access to sensitive data.

## Installation & Setup

|Command|Description|
|---------|-------------|
|`vault version`|Show Vault version|
|`vault server -dev`|Start development server|
|`vault server -config=config.hcl`|Start with configuration file|
|`vault status`|Check server status|

## Authentication & Login

### Basic Authentication

|Command|Description|
|---------|-------------|
|`vault auth -method=userpass username=myuser`|Login with username/password|
|`vault auth -method=ldap username=myuser`|Login with LDAP|
|`vault auth -method=github token=mytoken`|Login with GitHub|
|`vault auth -method=aws`|Login with AWS IAM|
|`vault auth -method=kubernetes`|Login with Kubernetes|

### Token Management

|Command|Description|
|---------|-------------|
|`vault token create`|Create new token|
|`vault token create -ttl=1h`|Create token with TTL|
|`vault token lookup`|Look up current token|
|`vault token renew`|Renew current token|
|`vault token revoke TOKEN`|Revoke specific token|

## Secrets Management

### Key-Value Secrets (v2)

|Command|Description|
|---------|-------------|
|`vault kv put secret/myapp username=admin password=secret`|Store secret|
|`vault kv get secret/myapp`|Retrieve secret|
|`vault kv get -field=password secret/myapp`|Get specific field|
|`vault kv delete secret/myapp`|Delete secret|
|`vault kv list secret/`|List secrets|
|`vault kv metadata get secret/myapp`|Get metadata|

### Secret Versions

|Command|Description|
|---------|-------------|
|`vault kv put secret/myapp @data.json`|Store from JSON file|
|`vault kv get -version=2 secret/myapp`|Get specific version|
|`vault kv rollback -version=1 secret/myapp`|Rollback to version|
|`vault kv destroy -versions=2,3 secret/myapp`|Destroy versions|
|`vault kv undelete -versions=2 secret/myapp`|Undelete versions|

## Database Secrets Engine

### Database Configuration

|Command|Description|
|---------|-------------|
|`vault secrets enable database`|Enable database engine|
|`vault write database/config/my-mysql-database plugin_name=mysql-database-plugin connection_url="{{username}}:{{password}}@tcp(localhost:3306)/" allowed_roles="my-role" username="vaultuser" password="vaultpass"`|Configure MySQL|
|`vault write database/roles/my-role db_name=my-mysql-database creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT ON *.* TO '{{name}}'@'%';" default_ttl="1h" max_ttl="24h"`|Create role|

### Dynamic Credentials

|Command|Description|
|---------|-------------|
|`vault read database/creds/my-role`|Generate database credentials|
|`vault write database/rotate-root/my-mysql-database`|Rotate root credentials|

## PKI (Public Key Infrastructure)

### PKI Setup

|Command|Description|
|---------|-------------|
|`vault secrets enable pki`|Enable PKI engine|
|`vault secrets tune -max-lease-ttl=87600h pki`|Set max TTL|
|`vault write pki/root/generate/internal common_name=example.com ttl=87600h`|Generate root CA|
|`vault write pki/config/urls issuing_certificates="http://vault.example.com:8200/v1/pki/ca" crl_distribution_points="http://vault.example.com:8200/v1/pki/crl"`|Configure URLs|

### Certificate Management

|Command|Description|
|---------|-------------|
|`vault write pki/roles/example-dot-com allowed_domains=example.com allow_subdomains=true max_ttl=72h`|Create role|
|`vault write pki/issue/example-dot-com common_name=test.example.com`|Issue certificate|
|`vault write pki/revoke serial_number=39:dd:2e:90:b7:23:1f:8d:d3:7d:31:c5:1b:da:84:d0:5b:65:31:58`|Revoke certificate|

## AWS Secrets Engine

### AWS Configuration

|Command|Description|
|---------|-------------|
|`vault secrets enable aws`|Enable AWS engine|
|`vault write aws/config/root access_key=AKIAI... secret_key=R4nm...`|Configure root credentials|
|`vault write aws/roles/my-role credential_type=iam_user policy_document=-<