vault-helper

command module

v0.0.0-...-5169047 Latest Latest Go to latest Published: Apr 26, 2019 License: Apache-2.0 Imports: 2 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jetstack/vault-helper

Links

Open Source Insights

README ¶

Vault Helper

This is tool is designed to automate PKI tasks for Tarmak using Hashicorp's Vault as a backend.

vault-helper is designed to first run setup. This will ensure all CA backends are mounted to the Vault server before applying roles and policies. This process is idempotent.

renew-token ensures that if an init token is present in file, a new token will be generated from that init token. This new token will be stored, deleting the init token. If a token has already been generated, this token will be renewed agaisnt the Vault server.

cert ensures that a private key has been generated and written to file. After which cert will verify stored certificates against Vault. If unsucessful, will issue a Certificate Signing Request to the Vault server using this private key. The responding signed certificate is then stored at the given path.

kubeconfig will apply cert before encoding the certificates and private key into a stored yaml file at the given path.

setup, cert, read and kubeconfig will all apply a renew-token with the given token before continuing if successful.

dev-server is used only to set up a local development evnironment for testing.

vault-helper Usage

Available Commands:
  cert        Create local key to generate a CSR. Call vault with CSR for specified cert role.
  dev-server  Run a vault server in development mode with kubernetes PKI created.
  help        Help about any command
  kubeconfig  Create local key to generate a CSR. Call vault with CSR for specified cert role. Write kubeconfig to yaml file.
  read        Read arbitrary vault path. If no output file specified, output to console.
  renew-token Renew token on vault server.
  setup       Setup kubernetes on a running vault server.
  version     Print the version number of vault-helper.

Flags:
  -h, --help            help for vault-helper
  -l, --log-level int   Set the log level of output. 0-Fatal 1-Info 2-Debug (default 1)

Use "vault-helper [command] --help" for more information about a command.

Vault Environment Variables

vault-helper requires the correct Vault environment variables to be set, for example:

$ export VAULT_ADDR=http://127.0.0.1:8200

Command Examples

setup

$ vault-helper setup cluster-name

renew-token

$ vault-helper renew-token --init_role=cluster-name-master

cert

$ vault-helper cert cluster-name/pki/k8s/sign/kube-apiserver k8s /etc/vault/name

Documentation ¶

Overview ¶

Copyright Jetstack Ltd. See LICENSE for details.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
cmd
hack
boilerplate/test
pkg
cert
dev_server
instanceToken
kubeconfig
kubernetes
read
testing/vault_dev

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL