Vault AppRole
- Unlock Vault with an AppRole:
How to reproduce:
- Enable the AppRole auth method from the Vault terminal or interface:
    vault auth enable approle
- Create the policy "madbot_app" from the Vault interface:
    path "madbot/*" {
      capabilities = ["create", "update", "read", "delete", "list"]
    }
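- Create the role madbot from the Vault terminal (secret_id_ttl=0 and secret_id_num_uses=0 make the SecretID non-expiring and unlimited-use; issued tokens last 8h):
    vault write auth/approle/role/madbot secret_id_ttl=0 secret_id_num_uses=0 token_num_uses=0 token_max_ttl=8h token_ttl=8h policies=madbot_app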
- Request and receive the role's RoleID from the Vault terminal:
    vault read auth/approle/role/madbot/role-id
- Request and receive the role's SecretID from the Vault terminal:
    vault write -f auth/approle/role/madbot/secret-id
- Add the RoleID and SecretID to your madbot .env file via 2 new variables:
    MADBOT_VAULT_ROLEID and MADBOT_VAULT_SECRETID
- Remove 2 variables from the madbot .env file:
    MADBOT_VAULT_AUTH_PATH and MADBOT_VAULT_AUTH_ROLE
- Apply the Django database migrations:
    python manage.py makemigrations
    python manage.py migrate
- Start the Django server:
    python manage.py runserver
Edited by laurent bouri
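
A preflight check for the steps above, written as an added example; it is not part of the original page or madbot's own code. It assumes the .env file holds plain KEY=VALUE lines, that AppRole is mounted at the default path approle, and that the Vault address is passed in by the caller; all function names are hypothetical.

```python
import json
import urllib.request

REQUIRED = ("MADBOT_VAULT_ROLEID", "MADBOT_VAULT_SECRETID")
REMOVED = ("MADBOT_VAULT_AUTH_PATH", "MADBOT_VAULT_AUTH_ROLE")

def parse_env(text):
    """Parse KEY=VALUE lines (assumed .env format), skipping blanks and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("'\"")
    return env

def check_env(env):
    """Return the problems with the AppRole settings in a parsed .env."""
    problems = [f"missing {k}" for k in REQUIRED if not env.get(k)]
    problems += [f"remove {k}" for k in REMOVED if k in env]
    return problems

def approle_login(vault_addr, role_id, secret_id, timeout=5):
    """POST to Vault's AppRole login endpoint and return the 'auth' block."""
    req = urllib.request.Request(
        f"{vault_addr.rstrip('/')}/v1/auth/approle/login",
        data=json.dumps({"role_id": role_id, "secret_id": secret_id}).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["auth"]

def check_auth(auth, policy="madbot_app", max_ttl=8 * 3600):
    """Compare the issued token with the role settings (policy, 8h TTL)."""
    problems = []
    if policy not in auth.get("policies", []):
        problems.append(f"token lacks policy {policy}")
    if not 0 < auth.get("lease_duration", 0) <= max_ttl:
        problems.append("token TTL outside the 8h configured on the role")
    return problems

# Constructed sample input: a .env that still carries one old variable.
SAMPLE_ENV = "MADBOT_VAULT_ROLEID=example-role-id\nMADBOT_VAULT_AUTH_PATH=approle\n"

if __name__ == "__main__":
    print(check_env(parse_env(SAMPLE_ENV)))
```

Run check_env on the real .env before starting the server, then pass the result of approle_login to check_auth to confirm the token carries madbot_app.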