Vault Interactive Tutorial updates (#4623)

* Added more tutorial steps

* Updated the step texts
Yoko 2018-05-24 11:39:02 -07:00 committed by GitHub
parent c7142ce061
commit 6a2d0e71b6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 155 additions and 14 deletions

@ -19,12 +19,14 @@
<script type="text/x-handlebars" data-template-name="steps"> <script type="text/x-handlebars" data-template-name="steps">
<p> <p>
This tutorial will cover the following steps: This tutorial will walk you through the following:
</p> </p>
<ul> <ul>
<li>- Initializing and unsealing your Vault</li> <li>- Initializing and unsealing your Vault</li>
<li>- Authorizing your requests to Vault</li> <li>- Authorizing your requests to Vault</li>
<li>- Reading and writing secrets</li> <li>- Reading and writing versioned secrets</li>
<li>- Updating the stored secrets</li>
<li>- Deleting the existing secrets</li>
<li>- Sealing your Vault</li> <li>- Sealing your Vault</li>
</ul> </ul>
<p> <p>
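Review bot: the overview list stops short of what the tutorial now covers. It gains "Updating the stored secrets" and "Deleting the existing secrets", but has no item for listing the enabled secrets engines, recovering a deleted version, or permanently destroying one, all of which are steps added later in this commit. Because delete, undelete and destroy behave differently, consider one item such as "Deleting, recovering and permanently destroying secret versions" so the reader knows up front that a delete is not final.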
@ -92,23 +94,154 @@
</p> </p>
</script> </script>
<script type="text/x-handlebars" data-template-name="secrets"> <script type="text/x-handlebars" data-template-name="list">
<p> <p>
Now that Vault has been set-up, we can start reading and writing secrets Vault's secrets engines are components which store, generate or encrypt data.
with the default enabled secrets engine. Secrets written to Vault List which secret engines have been enabled and ready to use.
are encrypted and then written to the backend storage.
The backend storage mechanism never sees the unencrypted
value and doesn't have the means necessary to decrypt
it without Vault.
</p> </p>
<p> <p>
<code>vault kv put secret/morning weather=sunny</code> <code>vault secrets list</code>
</p>
<p>
Key/Value Version 2 secret engine is enabled at "secret/" which retains a configurable number of data versions.
</p>
</script>
<script type="text/x-handlebars" data-template-name="secrets">
<p>
Now we can start reading and writing secrets with the default enabled
secrets engine. Secrets written to Vault are encrypted and then written
to the backend storage. The backend storage mechanism never sees the
unencrypted value and doesn't have the means necessary to decrypt it
without Vault.
</p>
<p>
<code>vault kv put secret/apikey key="my-test-key"</code>
</p> </p>
<p> <p>
Of course, you can then read this data too: Of course, you can then read this data too:
</p> </p>
<p> <p>
<code>vault kv get secret/morning</code> <code>vault kv get secret/apikey</code>
</p>
</script>
<script type="text/x-handlebars" data-template-name="update">
<p>
Let's update the stored data by running the "put" command again:
</p>
<p>
<code>vault kv put secret/apikey key="my-test-key" owner="dev"</code>
</p>
<p>
This creates version 2 of the data at secret/apikey.
</p>
<p>
What happens if you execute the following command?
</p>
<p>
<code>vault kv put secret/apikey owner="ops"</code>
</p>
<p>
Run the "get" command again to see what values are stored:
</p>
<p>
<code>vault kv get secret/apikey</code>
</p>
</script>
<script type="text/x-handlebars" data-template-name="patch">
<p>
The "put" operation updates the existing data.
When you want to partially update the data without overwriting the rest, use the "patch" command.
</p>
<p>
<code>vault kv patch secret/apikey year="2018"</code>
</p>
<p>
Run the "get" command again to verify that the year was simply added to the existing data:
</p>
<p>
<code>vault kv get secret/apikey</code>
</p>
</script>
<script type="text/x-handlebars" data-template-name="versions">
<p>
The following command retrieves the key metadata at secret/apikey:
</p>
<p>
<code>vault kv metadata get secret/apikey</code>
</p>
<p>
At this point, there are four versions of the data.
To retrieve the first version of the secret:
</p>
<p>
<code>vault kv get -version=1 secret/apikey</code>
</p>
</script>
<script type="text/x-handlebars" data-template-name="delete">
<p>
You can delete specific version(s) of the secret:
</p>
<p>
<code>vault kv delete -versions=1 secret/apikey</code>
</p>
<p>
Retrieve the version 1 of the data again. Since the data was deleted, only the metadata gets displayed with data deletion time.
</p>
<p>
<code>vault kv get -version=1 secret/apikey</code>
</p>
</script>
<script type="text/x-handlebars" data-template-name="recover">
<p>
When the data was deleted unintentionally, you can recover by executing the "undelete" command:
</p>
<p>
<code>vault kv undelete -versions=1 secret/apikey</code>
</p>
<p>
Once the data was recovered, you should be able to retrieve the version 1 of the data successfully:
</p>
<p>
<code>vault kv get -version=1 secret/apikey</code>
</p>
</script>
<script type="text/x-handlebars" data-template-name="destroy">
<p>
To permanently delete the data version(s), perform the "destroy" operation instead of "delete":
</p>
<p>
<code>vault kv destroy -versions=1 secret/apikey</code>
</p>
<p>
Now, the version 1 of the data is no longer recoverable.
</p>
<p>
The following command deletes all versions and metadata at secret/apikey:
</p>
<p>
<code>vault kv metadata delete secret/apikey</code>
</p>
</script>
<script type="text/x-handlebars" data-template-name="help">
<p>
At this point, secret/apikey no longer exists. You can verify it by executing the following command:
</p>
<p>
<code>vault kv list secret/</code>
</p>
<p>
To learn more about the K/V command:
</p>
<p>
<code>vault kv -h</code>
</p> </p>
</script> </script>
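Review bot: in the "patch" template, the sentence 'The "put" operation updates the existing data' undersells what the previous step did: vault kv put secret/apikey owner="ops" writes a new version that contains only owner, so the key field is absent from the current version. The "update" template asks "What happens if you execute the following command?" and never answers it; suggest stating after the follow-up get that put replaces the whole set of key/value pairs, which is the reason to use patch. In the "delete" template it would also help to say that delete is a soft delete and the version stays recoverable with undelete until destroy is run, so a reader does not treat a deleted secret as erased. Minor: the "list" template mixes "secrets engines" and "secret engines", and "List which secret engines have been enabled and ready to use" is missing a verb ("are ready to use").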

@ -11,9 +11,17 @@ Ember.Application.initializer({
{ id: 2, name: 'init', humanName: "Step 2: Initialize your Vault"}, { id: 2, name: 'init', humanName: "Step 2: Initialize your Vault"},
{ id: 3, name: 'unseal', humanName: "Step 3: Unsealing your Vault"}, { id: 3, name: 'unseal', humanName: "Step 3: Unsealing your Vault"},
{ id: 4, name: 'auth', humanName: "Step 4: Authorize your requests"}, { id: 4, name: 'auth', humanName: "Step 4: Authorize your requests"},
{ id: 5, name: 'secrets', humanName: "Step 6: Read and write secrets"}, { id: 5, name: 'list', humanName: "Step 5: List available secret engines"},
{ id: 6, name: 'seal', humanName: "Step 7: Seal your Vault"}, { id: 6, name: 'secrets', humanName: "Step 6: Read and write secrets"},
{ id: 7, name: 'finish', humanName: "You're finished!"}, { id: 7, name: 'update', humanName: "Step 7: Update the secret data"},
{ id: 8, name: 'patch', humanName: "Step 8: Update the data without overwriting"},
{ id: 9, name: 'versions', humanName: "Step 9: Work with different data versions"},
{ id: 10, name: 'delete', humanName: "Step 10: Delete the data"},
{ id: 11, name: 'recover', humanName: "Step 11: Recover the deleted data"},
{ id: 12, name: 'destroy', humanName: "Step 12: Permanently delete data"},
{ id: 13, name: 'help', humanName: "Step 13: Get Help"},
{ id: 14, name: 'seal', humanName: "Step 14: Seal your Vault"},
{ id: 15, name: 'finish', humanName: "You're finished!"},
] ]
}; };
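Review bot: the step number is still typed by hand inside every humanName, which is how the removed lines ended up with id 5 labelled "Step 6" and id 6 labelled "Step 7". The new list is consistent (id 5 through 14 match "Step 5" through "Step 14"), but the next inserted step will require renumbering every later entry again; consider building the "Step N:" prefix from id and keeping only the title in humanName. Wording nits in the new entries: "List available secret engines" uses "secret engines" where the template text says "secrets engines", and "Get Help" is title-cased while the other new titles are sentence case.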