Setting up Azure
First create a Storage account and note down:
- the storage account name
- an account key (either of the two works; note that an account key grants full access to the whole storage account, so a storage account dedicated to Vault is preferable)
Then create a Key Vault, go to Keys, create a new key, and note down:
- the Tenant ID
- the Key Vault name
- the name of the key you just created
Next we need to set up the Key Vault access policy.
- If Vault runs on an Azure VM, add that VM (its system-assigned managed identity); the seal uses it automatically when no client_id/client_secret is configured.
- Otherwise, register a new application in Azure AD and add that application.
For permissions, selecting every key permission works, but it is more than the seal needs: Vault only reads the key and calls wrapKey/unwrapKey on it (HashiCorp's documentation lists get, list, create, delete, update, wrapKey and unwrapKey), so grant those and nothing else, in particular not encrypt/decrypt, sign/verify, import, backup/restore or purge. If you registered a new application, generate a client secret for it under the application.
Setting up HashiCorp Vault
Reference configuration file:

```hcl
storage "azure" {
  accountName = "storage-account-name"
  # storage account key; alternatively omit it here and set AZURE_ACCOUNT_KEY in the environment
  accountKey  = "storage-account-key"
  container   = "blob-storage-name"
  environment = "AzurePublicCloud"
}

seal "azurekeyvault" {
  tenant_id  = "your-aad-tenant-id"
  vault_name = "key-vault-name"
  key_name   = "key-name"
  # only if the Vault server is not run on an Azure VM (otherwise the VM's managed identity is used):
  client_id     = "aad application client id"
  client_secret = "aad application client secret"   # or set AZURE_CLIENT_SECRET in the environment
}

listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = 1   # loopback test listener only; enable TLS before exposing Vault on a network
}

ui = true
#log_level = "Trace"
default_lease_ttl = "30m"
max_lease_ttl     = "43800h"
disable_mlock = false
disable_cache = false
cluster_name  = "test-cluster"
# seal wrapping is a Vault Enterprise feature; not available in the open-source build
disable_sealwrap = true
```
Initializing HashiCorp Vault

```powershell
.\vault.exe server "-config=vault.conf"
```

Start the server, then open http://localhost:8200/ui/vault/init
and complete the initialization wizard. Because the seal is azurekeyvault, initialization hands out recovery keys (not unseal keys) and a root token; Vault unseals itself against Key Vault on every start, so keep the recovery keys and root token offline rather than next to the config.
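As an added example (not code from the original post or from HashiCorp), the following Python script does what a practitioner would want around the wizard step: it lints the config above for the settings that are only acceptable on a local test box (inline accountKey/client_secret, tls_disable), then initializes Vault through the HTTP API if it is not yet initialized and confirms via sys/seal-status that the azurekeyvault seal is in effect and Vault is unsealed. It assumes the config file is called vault.conf and that Vault listens at VAULT_ADDR (default http://127.0.0.1:8200, as in the config above); the sample config embedded in it is constructed from the placeholders above.

```python
"""Pre-flight and post-init checks for the Vault-on-Azure setup above.
Added example, not from the original post or HashiCorp. Helper functions are
pure and run offline; only main() talks to a live Vault. Assumed: config file
vault.conf, Vault at VAULT_ADDR (default http://127.0.0.1:8200)."""
import json
import os
import re
import sys
import urllib.request

# Settings that put a long-lived credential on disk when written inline.
# Vault reads each from the named environment variable if the HCL key is omitted.
INLINE_SECRET_KEYS = {"accountKey": "AZURE_ACCOUNT_KEY",
                      "client_secret": "AZURE_CLIENT_SECRET"}

# Scalar `key = value` lines; block nesting is ignored (Vault's names are distinct).
_KV = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\r\n#]*?)"?\s*(?:#.*)?$', re.M)

# Constructed sample mirroring the reference config above (placeholder values).
SAMPLE_CONFIG = '''
storage "azure" {
  accountName = "storage-account-name"
  accountKey  = "storage-account-key"
}
seal "azurekeyvault" {
  client_secret = "aad application client secret"
}
listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = 1
}
'''

def parse_settings(hcl_text):
    """Flat name -> value map of the scalar assignments in a Vault HCL config."""
    return dict(_KV.findall(hcl_text))

def lint_config(hcl_text):
    """Findings (strings) for settings that are fine on a laptop but not beyond it."""
    s = parse_settings(hcl_text)
    findings = []
    for key, env in INLINE_SECRET_KEYS.items():
        if s.get(key):
            findings.append(f"{key} is stored inline in the config; "
                            f"omit it and set {env} in the environment instead")
    if s.get("tls_disable") in ("1", "true"):
        host = s.get("address", "").rsplit(":", 1)[0]
        if host in ("127.0.0.1", "localhost", "[::1]"):
            findings.append("tls_disable is set; acceptable only for a loopback test listener")
        else:
            findings.append(f"tls_disable is set on a listener bound to {host!r}; "
                            "tokens would cross the network in clear")
    return findings

def init_request_body(seal_type, shares=5, threshold=3):
    """Body for PUT /v1/sys/init. A shamir seal hands out unseal key shares; an
    auto-unseal seal such as azurekeyvault hands out *recovery* key shares."""
    if seal_type == "shamir":
        return {"secret_shares": shares, "secret_threshold": threshold}
    return {"recovery_shares": shares, "recovery_threshold": threshold}

def check_seal_status(status, expected_type="azurekeyvault"):
    """Interpret GET /v1/sys/seal-status; returns (ok, reason)."""
    if status.get("type") != expected_type:
        return False, f"seal type is {status.get('type')!r}, expected {expected_type!r}"
    if not status.get("initialized"):
        return False, "Vault is not initialized"
    if status.get("sealed"):
        return False, ("Vault is still sealed: auto-unseal failed, check the Key Vault "
                       "access policy and the seal credentials")
    return True, "initialized and auto-unsealed through Key Vault"

def main(config="vault.conf"):
    addr = os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200")
    with open(config, encoding="utf-8") as f:
        for finding in lint_config(f.read()):
            print("WARN:", finding)

    def api(method, path, body=None):  # sys/init and sys/seal-status need no token
        req = urllib.request.Request(addr + path, method=method,
                                     data=json.dumps(body).encode() if body else None,
                                     headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)

    status = api("GET", "/v1/sys/seal-status")
    if not status["initialized"]:
        out = api("PUT", "/v1/sys/init", init_request_body(status["type"]))
        print(json.dumps(out, indent=2))  # root token + recovery keys: store offline
        status = api("GET", "/v1/sys/seal-status")
    ok, reason = check_seal_status(status)
    print("OK:" if ok else "FAIL:", reason)
    sys.exit(0 if ok else 1)

if __name__ == "__main__":
    main(*sys.argv[1:])
```

Run it from the directory containing vault.conf after starting the server. If the seal credentials or access policy are wrong, Vault initializes but stays sealed, and the script reports exactly that instead of a vague failure; the env-variable substitutions it recommends are the ones the Azure storage backend and azurekeyvault seal read when the corresponding HCL key is left out.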