This repository has been archived by the owner on Jan 8, 2024. It is now read-only.
v0.0.6
Changes
- Add `cubby` method for unsealing.
- Add `TLS_CERT` and `TLS_KEY` arguments for serving over TLS.
Cubby Method
The cubby method was added for ease of unsealing when you aren't serving over TLS. Since the token you send over the network can only be used once, it is useless after it has been used. You can create the token on the command line like so:
```
$ vault token-create -policy="" -use-limit=2
Key             Value
token           74099365-c260-143a-bef8-0f96f3e03045
token_accessor  10bb61c6-3eec-f954-abee-a1f40def4857
token_duration  0
token_renewable true
token_policies  [default]
$ VAULT_TOKEN=74099365-c260-143a-bef8-0f96f3e03045 vault write cubbyhole/vault-token token=REAL_PERM_TOKEN
```
Then provide the temp token (`74099365-c260-143a-bef8-0f96f3e03045` in this case) to gatekeeper for `cubby` unsealing.
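The receiving side of this handoff, as an added example (not gatekeeper's own code): it assumes the consumer reads `cubbyhole/vault-token` through Vault's HTTP API with the temp token, which spends the one use left after the `vault write` above. `readCubbyToken` and `fakeVault` are hypothetical names, and `fakeVault` is a constructed stand-in for a Vault server so the sketch runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// readCubbyToken spends one use of tempToken to fetch the real token; a refusal means the temp token was already spent.
func readCubbyToken(addr, tempToken string) (string, error) {
	req, err := http.NewRequest("GET", addr+"/v1/cubbyhole/vault-token", nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("X-Vault-Token", tempToken)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("cubbyhole read refused: HTTP %d", resp.StatusCode)
	}
	var body struct{ Data map[string]string }
	if err := json.NewDecoder(resp.Body).Decode(&body); err != nil || body.Data["token"] == "" {
		return "", fmt.Errorf("no token in cubbyhole response (decode error: %v)", err)
	}
	return body.Data["token"], nil
}

// fakeVault (constructed test double) serves realToken to tempToken for usesLeft reads, then answers 403.
func fakeVault(tempToken, realToken string, usesLeft int) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("X-Vault-Token") != tempToken || usesLeft <= 0 {
			http.Error(w, `{"errors":["permission denied"]}`, http.StatusForbidden)
			return
		}
		usesLeft--
		fmt.Fprintf(w, `{"data":{"token":%q}}`, realToken)
	}))
}

func main() {
	// Placeholder temp token; one use remains after the write into the cubbyhole.
	srv := fakeVault("temp-token-placeholder", "REAL_PERM_TOKEN", 1)
	defer srv.Close()
	fmt.Println(readCubbyToken(srv.URL, "temp-token-placeholder")) // first read succeeds
	fmt.Println(readCubbyToken(srv.URL, "temp-token-placeholder")) // replay is refused
}
```

If the first read is refused, the temp token was consumed by another party, so treat the real token stored in the cubbyhole as exposed and revoke it.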