https://6364c9bf.problemofnetworkdotcom.pages.dev/tags/vault/ Recent content in Vault on Problem of Network Hugo en-gb Tue, 19 Nov 2024 18:00:00 +0100 https://6364c9bf.problemofnetworkdotcom.pages.dev/posts/making-use-of-vault-ansible/ Tue, 19 Nov 2024 18:00:00 +0100 https://6364c9bf.problemofnetworkdotcom.pages.dev/posts/making-use-of-vault-ansible/ <p>As we come towards the end of this mini series, we talked about how to <a href="https://6364c9bf.problemofnetworkdotcom.pages.dev/posts/bootstraping-hashi-vault/">bootstrap</a> a hashicorp vault for non-prod use, what <a href="https://6364c9bf.problemofnetworkdotcom.pages.dev/posts/hashi-vault-primitives/">primitives</a> vault uses for secrets management, and how to talk to vault from <a href="https://6364c9bf.problemofnetworkdotcom.pages.dev/posts/making-use-of-vault-python/">python</a>.</p> <p>Here we will dig into how you can access vault content within an Ansible workflow, ensuring you never more have the pain of managing secrets with <code>ansible-vault</code>, or worse, storing them plain text in a repo somewhere.</p> https://6364c9bf.problemofnetworkdotcom.pages.dev/posts/making-use-of-vault-python/ Tue, 19 Nov 2024 09:00:00 +0100 https://6364c9bf.problemofnetworkdotcom.pages.dev/posts/making-use-of-vault-python/ <p>It&rsquo;s remarkably easy to get sucked into hardcoding things that probably should live outside your code.</p> <p>It is clear to many of us that storing secrets anywhere that isn&rsquo;t vault (or something like it), is a terrible practice. It is also true that the best laid plans of mice and men <em>aft gan aglais</em>.</p> <p>In other words, the problem is rarely that we don&rsquo;t want to do secure coding, its that we lack the time, talent, or awareness to do this right. Don&rsquo;t dwell on that too much either - its just how the world works.</p> https://6364c9bf.problemofnetworkdotcom.pages.dev/posts/hashi-vault-primitives/ Mon, 18 Nov 2024 20:00:00 +0100 https://6364c9bf.problemofnetworkdotcom.pages.dev/posts/hashi-vault-primitives/ <h2 id="some-vault-primitives">Some Vault Primitives</h2> <p>Pretty much everywhere you go in vault you will find you need a few building blocks to make <em>anything</em> work.</p> <h3 id="env-vars">Env Vars</h3> <p>Regardless of how you choose to talk to vault (CLI/WebAPI/SDK), you will find that the most common way to &ldquo;encode&rdquo; the vault settings is in an Environment variable. This is a nod towards its &ldquo;cloud native&rdquo; upbringing, where config files are the devil or something.</p> https://6364c9bf.problemofnetworkdotcom.pages.dev/posts/bootstrapping-hashi-vault/ Mon, 18 Nov 2024 18:00:00 +0100 https://6364c9bf.problemofnetworkdotcom.pages.dev/posts/bootstrapping-hashi-vault/ <p>Recently I have spent a reasonable amount of time in Hashicorp vault. As part of a mini series on how to make better use of it in Network Automation, I started writing this as a &ldquo;intro&rdquo; to a post on the subject.</p> <p>As per usual with me, it ended up being so long that it had to be its own post. So. Here you are.</p> <blockquote> <p>Some of you might have opinions about Hashicorp and their licence changes. I do not (either professionally nor personally), compete with Hashicorp, and so it is my understanding I can use their products in an opensource sense. If you feel differently, feel free to use openbao.</p>