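#!/bin/sh
# Start the local development Vault environment with Docker / Podman.
#
# Brings up a Vault dev server (root token "myroot") and a test OpenLDAP
# server in the pod "vaultpass-dev", then seeds Vault with two example
# secrets, the userpass user "mitchellh" (password "foo"), the default
# policy from dev_default.hcl and an LDAP auth backend pointed at the
# test-openldap container.
#
# Environment:
#   CONTAINER_CLI       - container CLI to run (default: docker). The "--pod"
#                         flag used below needs Podman or a podman-compatible
#                         "docker" command.
#   VAULT_READY_TIMEOUT - seconds to wait for Vault to answer (default: 30).
#
# Everything in here is a throwaway development setup: all credentials are
# fixed, and the published ports are bound to the loopback interface only so
# the well-known dev root token is not reachable from other hosts.
set -eu

CONTAINER_CLI="${CONTAINER_CLI:-docker}"
VAULT_READY_TIMEOUT="${VAULT_READY_TIMEOUT:-30}"
# Address the vault CLI inside the container talks to (dev server is plain HTTP).
VAULT_ADDR_IN_CONTAINER='http://127.0.0.1:8200'

# The policy file is copied from the repository root, so this must run inside
# the git checkout; fail early instead of copying a non-existent "/dev_default.hcl".
GIT_ROOT=$(git rev-parse --show-toplevel) || {
  printf 'error: not inside a git checkout\n' >&2
  exit 1
}
[ -f "$GIT_ROOT/dev_default.hcl" ] || {
  printf 'error: %s not found\n' "$GIT_ROOT/dev_default.hcl" >&2
  exit 1
}

# Vault dev server. Ports bound to 127.0.0.1 (matches the address printed at the
# end) instead of all interfaces.
"$CONTAINER_CLI" run \
  --cap-add=IPC_LOCK \
  --detach \
  --env 'VAULT_DEV_ROOT_TOKEN_ID=myroot' \
  --name=dev-vault \
  --publish 127.0.0.1:8200:8200/tcp \
  --publish 127.0.0.1:10389:10389 \
  --publish 127.0.0.1:10636:10636 \
  --pod new:vaultpass-dev \
  --rm \
  vault

# Test LDAP server; shares the pod's network namespace with Vault, which is why
# the LDAP ports are published on the Vault container above.
"$CONTAINER_CLI" run \
  --rm \
  --detach \
  --name=dev-ldap \
  --pod vaultpass-dev \
  docker.io/rroemhild/test-openldap:latest

# The dev server needs a moment before it listens; running "vault login" too
# early fails with a connection error. "vault status" exits 0 once Vault is
# initialised and unsealed, which a dev server always is once it is up.
waited=0
until "$CONTAINER_CLI" exec --env "VAULT_ADDR=$VAULT_ADDR_IN_CONTAINER" \
    dev-vault vault status >/dev/null 2>&1; do
  if [ "$waited" -ge "$VAULT_READY_TIMEOUT" ]; then
    printf 'error: Vault did not become ready within %ss\n' "$VAULT_READY_TIMEOUT" >&2
    exit 1
  fi
  waited=$((waited + 1))
  sleep 1
done

# Setup script executed by "sh" inside the Vault container. Kept in double
# quotes because it contains single-quoted values; it must not contain any "$"
# that the outer shell could expand. Backslash-newline inside the quotes joins
# the continued lines, which is what "sh -c" then receives.
VAULT_SETUP="
# Login to Vault
vault login myroot
# Create example secret for google.com domains
vault kv put secret/vaultPass/admin/google.com username=testUser password=unsafe
vault kv put secret/vaultPass/denied/google.com username=testUser password=unsafe
# Enable userpass auth and create example set
vault auth enable userpass
vault write \
auth/userpass/users/mitchellh \
password=foo \
policies=admins
vault write /sys/policy/default policy=@/dev_default.hcl
# Enable LDAP auth
vault auth enable ldap
# Configure LDAP for test-openldap server
vault write auth/ldap/config \
url='ldaps://localhost:10636' \
userattr=uid \
userdn='ou=people,dc=planetexpress,dc=com' \
groupdn='ou=people,dc=planetexpress,dc=com' \
groupfilter='(objectClass=group)' \
groupattr='cn' \
binddn='cn=admin,dc=planetexpress,dc=com' \
bindpass='GoodNewsEveryone' \
insecure_tls=true \
starttls=true
vault write auth/ldap/groups/admin_staff policies=admin
"

"$CONTAINER_CLI" cp "$GIT_ROOT/dev_default.hcl" dev-vault:/

# No TTY is requested: nothing in the setup reads stdin, and "-it" makes the
# script fail when it is not run from a terminal. "sh -e" aborts the setup on
# the first failing step so a half-configured Vault is reported, not ignored.
"$CONTAINER_CLI" exec --env "VAULT_ADDR=$VAULT_ADDR_IN_CONTAINER" \
  dev-vault sh -ec "$VAULT_SETUP"

printf "\n\nDEV ENVIRONMENT STARTED!\n Root token: myroot,\n Vault web address: http://127.0.0.1:8200/ui\n\n Username test user: mitchellh\n Username test userpassword: foo\n\n LDAP test user: bender\n LDAP test userpassword: bender\n LDAP test admin: professor\n LDAP test adminpassword: professor\n"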