
Vault approle

laurent bouri requested to merge vault_approle into dev
  • unlock vault with app role:

How to reproduce:

  1. Enable the AppRole auth method from the Vault terminal or interface

vault auth enable approle

  2. Create the policy “madbot_app” from the Vault interface

path "madbot/*" {
  capabilities = ["create", "update", "read", "delete", "list"]
}

  3. Create the role madbot from the Vault terminal

vault write auth/approle/role/madbot secret_id_ttl=0 secret_id_num_uses=0 token_num_uses=0 token_max_ttl=8h token_ttl=8h policies=madbot_app

  4. Request and receive the role’s RoleID from the Vault terminal

vault read auth/approle/role/madbot/role-id

  5. Request and receive the role's SecretID from the Vault terminal

vault write -f auth/approle/role/madbot/secret-id

  6. Add the RoleID and SecretID to your madbot .env file via 2 new variables:

MADBOT_VAULT_ROLEID and MADBOT_VAULT_SECRETID

  7. Remove 2 variables from the madbot .env file:

MADBOT_VAULT_AUTH_PATH and MADBOT_VAULT_AUTH_ROLE

  8. Apply the Django database migration

python manage.py makemigrations

python manage.py migrate

  9. Start the Django server

python manage.py runserver

Edited by laurent bouri
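
A way to confirm the setup above before starting the server, as an added example that is not code from this merge request or from madbot: it exchanges the RoleID and SecretID for a token at Vault's AppRole login endpoint and checks that the token carries only the madbot_app policy and no more than the 8h TTL set on the role. The function names and the use of VAULT_ADDR to locate Vault are assumptions.

```python
import json
import os
import urllib.request

EXPECTED_POLICY = "madbot_app"  # policy name from the "Create the policy" step
MAX_TTL_SECONDS = 8 * 3600      # token_ttl=8h / token_max_ttl=8h on the role


def build_login_request(vault_addr, role_id, secret_id):
    """Build the POST that exchanges RoleID + SecretID for a client token."""
    body = json.dumps({"role_id": role_id, "secret_id": secret_id}).encode()
    return urllib.request.Request(
        vault_addr.rstrip("/") + "/v1/auth/approle/login",
        data=body, headers={"Content-Type": "application/json"}, method="POST")


def check_token(auth):
    """Return a list of problems with the issued token; empty means as expected."""
    problems = []
    if not auth.get("client_token"):
        problems.append("no client_token in response")
    policies = set(auth.get("policies", []))
    if EXPECTED_POLICY not in policies:
        problems.append(f"policy {EXPECTED_POLICY} not attached")
    extra = policies - {EXPECTED_POLICY, "default"}
    if extra:
        problems.append(f"unexpected policies: {sorted(extra)}")
    if auth.get("lease_duration", 0) > MAX_TTL_SECONDS:
        problems.append("token TTL exceeds 8h")
    return problems


def login_from_env(env=os.environ, send=urllib.request.urlopen):
    """Log in with the two new .env variables and vet the returned token."""
    names = ("MADBOT_VAULT_ROLEID", "MADBOT_VAULT_SECRETID")
    missing = [n for n in names if not env.get(n)]
    if missing:
        raise RuntimeError("missing: " + ", ".join(missing))
    # VAULT_ADDR is an assumption; the page does not say how madbot finds Vault.
    addr = env.get("VAULT_ADDR", "http://127.0.0.1:8200")
    with send(build_login_request(addr, env[names[0]], env[names[1]])) as resp:
        auth = json.load(resp)["auth"]
    problems = check_token(auth)
    if problems:
        raise RuntimeError("; ".join(problems))
    return auth["client_token"]
```

With secret_id_ttl=0 and secret_id_num_uses=0 on the role, the SecretID never expires and can be used any number of times, so the .env file holding it is a long-lived credential and should be permissioned accordingly.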
