Skip to content
Snippets Groups Projects
Select Git revision
  • 2473-use-debian-bookworm-across-all-gdk-images-2
  • dbarrett/test-git-version
  • 2495-fix-infinite-loop
  • main default protected
  • kassio/add-outdate-notice-message
  • 2454-simplify-tool-version-manager-config
  • 2473-use-debian-bookworm-across-all-gdk-images
  • eb-use-openbao-internal
  • kev-ai-gateway-integration
  • kev-config-task-path-abs
  • kev-snowplow-micro-ruby-service
  • 2412-combine-tool-versions-and-install-before-update
  • kev-golden-paths
  • pl-generate-configs
  • sh-compile-with-ubuntu-20.04
  • pl-rake-log-attachment
  • 513075-refactor-cells-configuration
  • leipert-cert-doctor
  • 2431-remove-unused-software-installed-by-mise
  • 1683-check-mise-activation
  • v0.2.16
  • v0.2.15
  • v0.2.14
  • v0.2.13
  • v0.2.12
  • v0.2.11
  • v0.2.10
  • v0.2.9
  • v0.2.8
  • v0.2.7
  • v0.2.5
  • v0.2.6
  • v0.2.4
  • v0.2.2
  • v0.2.1
  • v0.2.0
  • v0.1.1
37 results

openbao.md

Blame Permalink
21
openbao.md 1.29 KiB

OpenBao

OpenBao is backward compatible with Vault and can replace Vault without changing the existing setup. To avoid conflicts, disable Vault when enabling OpenBao.

You can configure the OpenBao to run locally in GDK.

To configure:

  1. Set the BAO_ADDR variable in your environment
   export BAO_ADDR='http://gdk.test:8200'
  1. Run gdk config set openbao.enabled true.
  2. Run gdk reconfigure.
  3. Run rake openbao/config.hcl to create a configuration file
  4. Run rake openbao/proxy_config.hcl to create a proxy configuration file
  5. Run gdk start openbao.
  6. Run gdk start openbao-proxy.
  7. Run gdk bao configure to unseal the vault
=> "✅ OpenBao has been unsealed successfully"
=> "The root token is: s.xxxxxxxxxxxxxxx"
  1. Run bao login with root token from above (gdk config get openbao.root_token)
  2. Run bao auth enable approle
  3. Run bao write auth/approle/role/project_secret_engines_manager token_policies=manage_projects_secret_engines
  4. Run bao read -field=role_id auth/approle/role/project_secret_engines_manager/role-id > openbao/roleid
  5. Run bao write -field=wrapping_token -f -wrap-ttl=1h auth/approle/role/project_secret_engines_manager/secret-id > openbao/secretid
  6. Run OpenBaoProxy with gdk start openbao-proxy