DevFW-CICD/edp-doc
17
0
Fork 1
Code Issues Pull requests 2 Projects Releases Packages Wiki Activity Actions
edp-doc/docs/userguide/openbao.md

63 lines
2.2 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# OpenBao michal
## 📋 Outline
- [OpenBao michal](#openbao-michal)
- [📋 Outline](#-outline)
- [🧐 What is it?](#-what-is-it)
- [📦 Main features](#-main-features)
- [⏱️ Quick start guide](#-quick-start-guide)
- [⚙️ Configuration](#-configuration)
- [🔗 References](#-references)
## 🧐 What is it?
[OpenBao](https://openbao.org/) is a fork of [HashiCorp Vault](https://developer.hashicorp.com/vault) which is a centralized solution for managing and securing sensitive data like authentication credentials, usernames, API tokens, and database credentials.
Beyond static secrets, OpenBao supports dynamic secrets, allowing applications to generate ephemeral credentials for enhanced security.
## 📦 Main features
OpenBao's _Encrypt as a Service_ feature makes it simple to implement data encryption across your systems.
OpenBao's Secret Engines include:
1. **Key-Value Store**
2. **PKI** (Public Key Infrastructure) for certificate management
3. **SSH** for managing SSH credentials
4. **Transit Engine** for encrypting data without storing it
5. **Time-based One-Time Passwords** (TOTP) for two-factor authentication
6. **Kubernetes Secrets** for seamless integration with containerized applications
## ⏱️ Quick start guide
To initialise and unseal OpenBao follow these instructions:
1. Determine the pods running in your system with:
```
kubectl get pods -l app.kubernetes.io/name=openbao
```
2. To get the unseal key for each pod the pod _openbao-0_ run:
```
kubectl exec -ti openbao-0 -- bao operator init
```
3. And to unseal it you'll have to run the following command at least three times - each time with a different key:
```
kubectl exec -ti openbao-0 -- bao operator unseal <key>
```
4. Repeat step **2** and **3** for the rest of the pods
5. You should see _STATUS: Running_ for all pods after running
```
kubectl get pods -l app.kubernetes.io/name=openbao
```
## ⚙️ Configuration
Visit http://openbao.cnoe.localtest.me/ui/ to access the UI. From there you can easily manage and configure OpenBao.
## 🔗 References
* https://openbao.org/docs/platform/k8s/helm/run/#initialize-and-unseal-openbao
* https://developer.hashicorp.com/vault
Reference in a new issue View git blame Copy permalink