venafi-vault-wizard

command module

v0.1.3 Latest Latest Go to latest Published: May 27, 2022 License: Apache-2.0 Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/opencredo/venafi-vault-wizard

Links

Open Source Insights

README ¶

`venafi-vault-wizard`, (`vvw`)

Website: https://marketplace.venafi.com/details/venafi-vault-wizard
Source: https://github.com/opencredo/venafi-vault-wizard
Venafi Community Support: https://support.venafi.com/hc/en-us/community/topics
HashiCorp Discuss: https://discuss.hashicorp.com/c/vault/30

This repository is home to the venafi-vault-wizard which can be used to verify the setup of HashiCorp Vault with Venafi as a Service and TPP.

Requirements

Go 1.18
Vagrant
Venafi as a Service Account & Zone or TPP instance

Docs

Introduction

The tool centres around the use of a configuration file to declare what plugins should be installed to HashiCorp Vault, and how they should be configured. This file describes the desired state, and the tool uses it to make the required changes to achieve the desired state. This workflow is similar to that of HashiCorp Terraform.

The tool has two main subcommands: generate-config and apply. The generate-config command triggers a step-by-step wizard that asks a series of questions in order to generate the configuration file. The apply command, similarly to Terraform, then performs the plugin installation and configuration, as required by the configuration file. Both subcommands have a required -f or --configFile flag. For generate-config, this specifies where the generated configuration will be written to. For apply, it specifies the configuration to read from, and to apply to the Vault server.

Quick Start

Single node Vault server

To quickly start exploring the use of the Venafi Vault Wizard, (VVW) a test environment with a VM running Vault can be easily set up using Vagrant. This will provide the VVW tool with a Vault server to install the vault-pki-backend-venafi and vault-pki-monitor-venafi plugins. After they have been installed, certificates can be requested directly from the Vault instance. Either a Venafi TPP instance must be available, or alternatively Venafi as a Service can be used.

First, build the Venafi Vault Wizard, (VVW) tool. The binary will be placed in ./bin at the root of the project.

$ make build

Navigate to the single-node test environment directory. This directory contains a Vagrantfile and required scripts, as well as a sample vvw.hcl file to configure VVW appropriately. There is a README.md there which explains the setup in more detail.

$ cd examples/single_node_cluster_vagrant

Provision the test Vault server and set the required environment variables using the following commands.

$ vagrant up
$ export VAULT_TOKEN="TOKEN PRINTED FROM VAGRANT HERE"
$ export VAULT_ADDR="http://192.168.33.20:8200"

When that has finished, run the VVW tool with the provided configuration file, populating the environment variables with the relevant information. There are two VVW HCL configuration files: tpp-vvw.hcl for Venafi Trust Protection Platform (TPP) and vaas-vvw.hcl for Venafi as a Service (VaaS). Choose the appropriate one depending on your requirements.

For TPP:

$ export TPP_URL="YOUR TPP INSTANCE URL HERE"
$ export TPP_USERNAME="YOUR TPP USERNAME HERE"
$ export TPP_PASSWORD="YOUR TPP PASSWORD HERE"
$ ../../bin/vvw apply -f tpp-vvw.hcl

or for the VaaS configuration:

$ export VENAFI_API_KEY="YOUR VaaS API KEY"
$ ../../bin/vvw apply -f vaas-vvw.hcl

Once the VVW tool has successfully completed the installation, a certificate can be requested from either plugin through Vault.

$ vault write pki-monitor/issue/web_server common_name="test.example.com"
$ vault write pki-backend/issue/web_server common_name="test.example.com"

or for the VaaS configuration

$ vault write pki-monitor/issue/web_server common_name="test.example.com"
$ vault write pki-backend/issue/web_server common_name="test.example.com"

Development

Testing

The unit tests can be run with:

$ make test

Generating mocks

The VVW tests use a number of pre-generated mocks that can be found under the <repo root>/mocks directory. These replace the implementation of interfaces used throughout the code, to allow the tests to focus on testing specific areas. They also provide the advantage that most unit tests run without touching real resources so are much faster and don't cause unwanted side effects. If any of the interfaces have changed, or new ones added, then the mocks can be regenerated with the following command:

$ make generate-mocks

The command will download the Mockery binary to the <repo root>/bin directory and then proceed to generate mock implementations of interfaces found within the project. See the testify/mock package for more details on how to use the mocking framework.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
app
commands
config
config/errors
config/generate
downloader
github
plugins
plugins/lookup
plugins/venafi
plugins/venafi/pki-backend
plugins/venafi/pki-monitor
plugins/venafi/venafi_wrapper
plugins/venafi/venafi_wrapper/vcert_wrapper
questions
questions/prompter
reporter
reporter/pretty
tasks
tasks/checks
vault
vault/api
vault/lib
vault/ssh
cmd
mocks
app/downloader
app/plugins
app/plugins/lookup
app/plugins/venafi
app/plugins/venafi/venafi_wrapper
app/questions
app/reporter
app/vault/api
app/vault/lib
app/vault/ssh

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL