openbao.md added
parent
983c08c090
commit
fda1701434
1 changed files with 61 additions and 0 deletions
61
docs/openbao.md
Normal file
|
@ -0,0 +1,61 @@
|
|||
# OpenBao
|
||||
|
||||
## 📋 Outline
|
||||
- [What is it?](#what-is-it)
|
||||
- [Main features](#main-features)
|
||||
- [Quick start guide](#quick-start-guide)
|
||||
- [Configuration](#configuration)
|
||||
- [References](#references)
|
||||
|
||||
## 🧐 What is it?
|
||||
|
||||
[OpenBao](https://openbao.org/) is a fork of [HashiCorp Vault](https://developer.hashicorp.com/vault) which is a centralized solution for managing and securing sensitive data like authentication credentials, usernames, API tokens, and database credentials.
|
||||
Beyond static secrets, OpenBao supports dynamic secrets, allowing applications to generate ephemeral credentials for enhanced security.
|
||||
|
||||
## 📦 Main features
|
||||
|
||||
OpenBao's _Encrypt as a Service_ feature makes it simple to implement data encryption across your systems.
|
||||
|
||||
OpenBao's Secret Engines include:
|
||||
1. **Key-Value Store**
|
||||
2. **PKI** (Public Key Infrastructure) for certificate management
|
||||
3. **SSH** for managing SSH credentials
|
||||
4. **Transit Engine** for encrypting data without storing it
|
||||
5. **Time-based One-Time Passwords** (TOTP) for two-factor authentication
|
||||
6. **Kubernetes Secrets** for seamless integration with containerized applications
|
||||
|
||||
## ⏱️ Quick start guide
|
||||
|
||||
To initialise and unseal OpenBao follow these instructions:
|
||||
|
||||
1. Determine the pods running in your system with:
|
||||
```
|
||||
kubectl get pods -l app.kubernetes.io/name=openbao
|
||||
```
|
||||
|
||||
2. To get the unseal key for each pod the pod _openbao-0_ run:
|
||||
```
|
||||
kubectl exec -ti openbao-0 -- bao operator init
|
||||
```
|
||||
|
||||
3. And to unseal it you'll have to run the following commant at least three times - each time with a different key:
|
||||
```
|
||||
kubectl exec -ti openbao-0 -- bao operator unseal
|
||||
```
|
||||
|
||||
4. Repeat step **2** and **3** for the rest of the pods
|
||||
|
||||
5. You should see _STATUS: Running_ for all pods after running
|
||||
```
|
||||
kubectl get pods -l app.kubernetes.io/name=openbao
|
||||
```
|
||||
|
||||
## ⚙️ Configuration
|
||||
|
||||
Visit http://openbao.cnoe.localtest.me/ui/ to access the UI. From there you can easily manage and configure OpenBao.
|
||||
|
||||
## 🔗 References
|
||||
|
||||
* https://openbao.org/docs/platform/k8s/helm/run/#initialize-and-unseal-openbao
|
||||
* https://developer.hashicorp.com/vault
|
||||
|
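Review bot: Step 2 of the quick start runs `bao operator init` without saying what to do with its output, and its sentence is garbled ("for each pod the pod _openbao-0_"). That command prints the unseal key shares and the initial root token to the terminal, so the doc should tell the reader to store them securely and keep them out of shell history, logs and tickets. Step 4 then asks the reader to repeat steps 2 and 3 on the remaining pods; initialization is a one-time operation per storage backend, so please confirm whether those pods really need `operator init` again or only `operator unseal`, and word the step accordingly. In step 5, a pod's `Running` status does not tell you whether it is unsealed; running `bao status` inside each pod and checking the `Sealed` field is the more reliable check. Smaller points: "commant" in step 3 should be "command", and the Configuration section links the UI over plain `http://`, which deserves a note that this is a local-only setup.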