From fda170143417ad87d84e7c28878996dc3554812d Mon Sep 17 00:00:00 2001 From: "Michal.Wrobel" Date: Wed, 4 Dec 2024 11:46:03 +0000 Subject: [PATCH] openbao.md added --- docs/openbao.md | 61 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 docs/openbao.md diff --git a/docs/openbao.md b/docs/openbao.md new file mode 100644 index 0000000..90a8878 --- /dev/null +++ b/docs/openbao.md 
@@ -0,0 +1,61 @@ +# OpenBao + +## 📋 Outline +- [What is it?](#what-is-it) +- [Main features](#main-features) +- [Quick start guide](#quick-start-guide) +- [Configuration](#configuration) +- [References](#references) + +## 🧐 What is it? + +[OpenBao](https://openbao.org/) is a fork of [HashiCorp Vault](https://developer.hashicorp.com/vault) which is a centralized solution for managing and securing sensitive data like authentication credentials, usernames, API tokens, and database credentials. +Beyond static secrets, OpenBao supports dynamic secrets, allowing applications to generate ephemeral credentials for enhanced security. + +## 📦 Main features + +OpenBao's _Encrypt as a Service_ feature makes it simple to implement data encryption across your systems. + +OpenBao's Secret Engines include: +1. **Key-Value Store** +2. **PKI** (Public Key Infrastructure) for certificate management +3. **SSH** for managing SSH credentials +4. **Transit Engine** for encrypting data without storing it +5. **Time-based One-Time Passwords** (TOTP) for two-factor authentication +6. **Kubernetes Secrets** for seamless integration with containerized applications + +## ⏱️ Quick start guide + +To initialise and unseal OpenBao follow these instructions: + +1. Determine the pods running in your system with: +``` +kubectl get pods -l app.kubernetes.io/name=openbao +``` + +2. To get the unseal key for each pod the pod _openbao-0_ run: +``` +kubectl exec -ti openbao-0 -- bao operator init +``` + +3. And to unseal it you'll have to run the following commant at least three times - each time with a different key: +``` +kubectl exec -ti openbao-0 -- bao operator unseal +``` + +4. Repeat step **2** and **3** for the rest of the pods + +5. You should see _STATUS: Running_ for all pods after running +``` +kubectl get pods -l app.kubernetes.io/name=openbao +``` + +## ⚙️ Configuration + +Visit http://openbao.cnoe.localtest.me/ui/ to access the UI. From there you can easily manage and configure OpenBao. 
+ +## 🔗 References + +* https://openbao.org/docs/platform/k8s/helm/run/#initialize-and-unseal-openbao +* https://developer.hashicorp.com/vault +
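Review bot: In the Quick start guide, step 2 runs `bao operator init` without saying what to do with its output, and step 4 then tells the reader to repeat the init on every other pod. The init output is where the unseal keys and the initial root token are shown, so the step should tell the reader to record them somewhere safe rather than leave them in terminal scrollback, and the sentence itself ("To get the unseal key for each pod the pod _openbao-0_ run:") needs rewording. Please also confirm that step 4 is intended: if the pods form one cluster on shared storage, init is done once and the remaining pods only need step 3; if each pod really is initialised on its own, say that each one gets its own key set. Smaller points: "commant" in step 3 is a typo, and "at least three times" should be tied to the key threshold that the init output reports rather than stated as a fixed number. Step 5 checks for _STATUS: Running_, which does not by itself show that a pod is unsealed, so a `bao status` check that reports `Sealed` as `false` would be a better confirmation. The Configuration section links the UI over plain `http://`, which deserves a sentence given that a token will be entered there.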