0

我正在研究自动化hashicorp vault过程,由于反复试验,我需要重复运行vault operator init命令,我尝试卸载vault并再次安装它,但似乎并没有删除以前的它生成的解封密钥+根令牌,我该怎么做?

我在某处读到需要删除我已经删除但它不起作用的存储“文件”路径(实际上我的 /opt/vault/data/ 目录是空的),这是我的 vault.hcl 文件:

# Full configuration options can be found at 
https://www.vaultproject.io/docs/configuration

ui = true

#mlock = true
#disable_mlock = true

storage "file" {
  path = "/opt/vault/data"
}

#storage "consul" {
#  address = "127.0.0.1:8500"
#  path    = "vault"
#}

# HTTP listener
#listener "tcp" {
#  address = "127.0.0.1:8200"
#  tls_disable = 1
#}

# HTTPS listener
listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/opt/vault/tls/tls.crt"
  tls_key_file  = "/opt/vault/tls/tls.key"
}

# Enterprise license_path
# This will be required for enterprise as of v1.8
#license_path = "/etc/vault.d/vault.hclic"

# Example AWS KMS auto unseal
#seal "awskms" {
#  region = "us-east-1"
#  kms_key_id = "REPLACE-ME"
#}

# Example HSM auto unseal
#seal "pkcs11" {
#  lib            = "/usr/vault/lib/libCryptoki2_64.so"
#  slot           = "0"
#  pin            = "AAAA-BBBB-CCCC-DDDD"
#  key_label      = "vault-hsm-key"
#  hmac_key_label = "vault-hsm-hmac-key"
#}
4

2 回答 2

2

这种设置的最佳实践实际上是 terraform 或 chef 或任何其他有状态的转换器。这样,您可以将环境带入理想状态(terraform apply)并轻松移除(terraform destroy)。

要重新初始化保险库,您可以将其关闭,删除数据文件夹:在您的情况下为“/opt/vault/data”。调出另一个实例。

于 2021-09-26T20:17:56.010 回答
-1

如果您只想进行测试,为什么不在开发模式下使用保管库?

于 2021-09-14T16:31:59.357 回答