edp-doc/docs/openbao.md

# OpenBao

## 📋 Outline
- [What is it?](#what-is-it)
- [Main features](#main-features)
- [Quick start guide](#quick-start-guide)
- [Configuration](#configuration)
- [References](#references)

## 🧐 What is it?

[OpenBao](https://openbao.org/) is a fork of [HashiCorp Vault](https://developer.hashicorp.com/vault) which is a centralized solution for managing and securing sensitive data like authentication credentials, usernames, API tokens, and database credentials. 
Beyond static secrets, OpenBao supports dynamic secrets, allowing applications to generate ephemeral credentials for enhanced security.

## 📦 Main features

OpenBao's _Encrypt as a Service_ feature makes it simple to implement data encryption across your systems.

OpenBao's Secret Engines include:
1. **Key-Value Store**
2. **PKI** (Public Key Infrastructure) for certificate management
3. **SSH** for managing SSH credentials
4. **Transit Engine** for encrypting data without storing it
5. **Time-based One-Time Passwords** (TOTP) for two-factor authentication
6. **Kubernetes Secrets** for seamless integration with containerized applications

## ⏱️ Quick start guide

To initialise and unseal OpenBao follow these instructions:

1. Determine the pods running in your system with: 
```
kubectl get pods -l app.kubernetes.io/name=openbao
```

2. To get the unseal key for each pod the pod _openbao-0_ run:
```
kubectl exec -ti openbao-0 -- bao operator init
```

3. And to unseal it you'll have to run the following commant at least three times - each time with a different key:
```
kubectl exec -ti openbao-0 -- bao operator unseal
```

4. Repeat step **2** and **3** for the rest of the pods

5. You should see _STATUS: Running_ for all pods after running 
```
kubectl get pods -l app.kubernetes.io/name=openbao
```

## ⚙️ Configuration

Visit http://openbao.cnoe.localtest.me/ui/ to access the UI. From there you can easily manage and configure OpenBao.

## 🔗 References

* https://openbao.org/docs/platform/k8s/helm/run/#initialize-and-unseal-openbao
* https://developer.hashicorp.com/vault
openbao.md added 2024-12-04 11:46:03 +00:00			`# OpenBao`

			`## 📋 Outline`
			`- [What is it?](#what-is-it)`
			`- [Main features](#main-features)`
			`- [Quick start guide](#quick-start-guide)`
			`- [Configuration](#configuration)`
			`- [References](#references)`

			`## 🧐 What is it?`

			`[OpenBao](https://openbao.org/) is a fork of [HashiCorp Vault](https://developer.hashicorp.com/vault) which is a centralized solution for managing and securing sensitive data like authentication credentials, usernames, API tokens, and database credentials.`
			`Beyond static secrets, OpenBao supports dynamic secrets, allowing applications to generate ephemeral credentials for enhanced security.`

			`## 📦 Main features`

			`OpenBao's _Encrypt as a Service_ feature makes it simple to implement data encryption across your systems.`

			`OpenBao's Secret Engines include:`
			`1. Key-Value Store`
			`2. PKI (Public Key Infrastructure) for certificate management`
			`3. SSH for managing SSH credentials`
			`4. Transit Engine for encrypting data without storing it`
			`5. Time-based One-Time Passwords (TOTP) for two-factor authentication`
			`6. Kubernetes Secrets for seamless integration with containerized applications`

			`## ⏱️ Quick start guide`

			`To initialise and unseal OpenBao follow these instructions:`

			`1. Determine the pods running in your system with:`
			```
			`kubectl get pods -l app.kubernetes.io/name=openbao`
			```

			`2. To get the unseal key for each pod the pod _openbao-0_ run:`
			```
			`kubectl exec -ti openbao-0 -- bao operator init`
			```

			`3. And to unseal it you'll have to run the following commant at least three times - each time with a different key:`
			```
			`kubectl exec -ti openbao-0 -- bao operator unseal`
			```

			`4. Repeat step 2 and 3 for the rest of the pods`

			`5. You should see _STATUS: Running_ for all pods after running`
			```
			`kubectl get pods -l app.kubernetes.io/name=openbao`
			```

			`## ⚙️ Configuration`

			`Visit http://openbao.cnoe.localtest.me/ui/ to access the UI. From there you can easily manage and configure OpenBao.`

			`## 🔗 References`

			`* https://openbao.org/docs/platform/k8s/helm/run/#initialize-and-unseal-openbao`
			`* https://developer.hashicorp.com/vault`