Getting a token from an existing role
vault write auth/approle/login role_id=<role_id> secret_id=<secret_id>
Getting role-id and secret-id from an existing AppRole
vault read auth/approle/role/<monRole>/role-id
vault write -f auth/approle/role/<monRole>/secret-id
Add bound_service_account_names to Kubernetes role
> vim api.json
{
  "alias_name_source": "serviceaccount_uid",
  "bound_service_account_names": [
    "my-api",
    "my-api-pending-check-daemon",
    "my-api-consumer2",
    "my-api-consumer"
  ],
  "bound_service_account_namespaces": [
    "namespace1"
  ],
  "token_bound_cidrs": [],
  "token_explicit_max_ttl": 0,
  "token_max_ttl": 0,
  "token_no_default_policy": true,
  "token_num_uses": 0,
  "token_period": 0,
  "token_policies": [
    "my-api-prd"
  ],
  "token_ttl": 0,
  "token_type": "default"
}
> vault write auth/staging/kubernetes/role/my-api @api.json
Add policy to LDAP user
vault write auth/ldap/users/myUser groups=lead-dev policies=new-policy
See blocked users
vault read /sys/locked-users
Unblock user
vault write -f /sys/locked-users/auth_ldap_92748d56/unlock/testsla