檢視 Vault/Install 的原始碼

'''Vault'''是一套由[[HashiCorp]]開發的密碼管理軟體。

== 概要 ==

Vault可以拿來存放各類credential資料，像是Key或是Password。

== 安裝 ==

Vault是單執行檔，建議安裝的路徑是<code>/usr/local/bin/vault</code>，這點沒有在官方的文件裡提到，但官方的範例常使用這個路徑<ref name="ops-deployment-guide">{{Cite web |url=https://learn.hashicorp.com/vault/day-one/ops-deployment-guide |title=Vault Deployment Guide |accessdate=2020-07-15 |language=en}}</ref>。

以Linux版的例子來說：

<syntaxhighlight lang="bash">
cd /tmp; wget -c https://releases.hashicorp.com/vault/1.4.3/vault_1.4.3_linux_amd64.zip; unzip vault_1.4.3_linux_amd64.zip; sudo cp vault /usr/local/bin/vault; sudo chmod 755 /usr/local/bin/vault
</syntaxhighlight>

== 設定 ==

Vault的設定檔建議的路徑是<code>/etc/vault.d/vault.hcl</code>，這點沒有在官方的文件裡提到，但官方的範例常使用這個路徑<ref name="ops-deployment-guide"/>。

這邊是設定成：

* 使用[[AWS KMS]]加解密。
* 使用[[Amazon DynamoDB]]當作儲存空間。

<syntaxhighlight lang="bash">
api_addr = "http://10.10.10.10:8200"
cluster_addr = "http://10.10.10.10:8201"
log_level = "Info"

listener "tcp" {    
  address         = "0.0.0.0:8200"
  cluster_address = "10.10.10.10:8201"
  tls_disable     = "true"
}

seal "awskms" {
  region     = "ap-southeast-1"
  access_key = "x"
  secret_key = "x"
  kms_key_id = "x"
}

storage "dynamodb" {
  ha_enabled = "true"
  region     = "ap-southeast-1"
  table      = "vault"
  access_key = "x"
  secret_key = "x"
}
</syntaxhighlight>

== 參考文獻 ==

{{Reflist|2}}

== 外部連結 ==

* {{Official|https://www.vaultproject.io/}} {{en}}

[[Category:軟體]]