docs/userguide/openbao.md updated

Michal.Wrobel 2024-12-18 09:24:58 +00:00
parent 3f22c2dcf8
commit 1071d0727f


@ -11,6 +11,23 @@ OpenBao's Secret Engines include:
5. **Time-based One-Time Passwords** (TOTP) for two-factor authentication 5. **Time-based One-Time Passwords** (TOTP) for two-factor authentication
6. **Kubernetes Secrets** for seamless integration with containerized applications 6. **Kubernetes Secrets** for seamless integration with containerized applications
## 🔨 How to get it to run
The External Secrets Operator needs a kubernetes secret containing the **OpenBao's initial token** to access its secrets. You can create it with:
`kubectl create secret generic vault-token --from-literal=token=<root_token_from_getpassword.sh> -n openbao`
To perform any actions in OpenBao you need to authenticate using the following command:
`kubectl exec -ti openbao-0 -n openbao -- vault login <root_token_from_getpassword.sh>`
For demontrational purposes you can enable a **Key-Value secret engine** on the path **/data** with:
`kubectl exec -ti openbao-0 -n openbao -- vault secrets enable -path=data kv`
And to add your first secret just run:
`kubectl exec -ti openbao-0 -n openbao -- vault kv put data/postgres POSTGRES_USER=admin POSTGRES_PASSWORD=123456`
## 🔗 References ## 🔗 References
* https://openbao.org/docs/platform/k8s/helm/run/#initialize-and-unseal-openbao * https://openbao.org/docs/platform/k8s/helm/run/#initialize-and-unseal-openbao
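Review bot: The new "How to get it to run" section gives the External Secrets Operator the root token as its long-lived credential (`--from-literal=token=<root_token_from_getpassword.sh>`) and passes the same token as an argument to `vault login`. I would have the guide create a separate token bound to a read-only policy on the path the operator reads, store that one in `vault-token`, and keep the root token for the initial setup only. Both commands also put the token on the command line, where it ends up in shell history; the same applies to `POSTGRES_PASSWORD=123456` in the `vault kv put` line, which would be better as a placeholder such as `<password>` with a remark that the values are sample data. Smaller points: "demontrational" should read "demonstration", the text says the engine is mounted on "/data" while the command uses `-path=data`, "the **OpenBao's initial token**" should drop the article, and "kubernetes secret" should be capitalized as "Kubernetes".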