manintheit.org


vault

  • OpenShift Global Pull Secret

    In this post, we’ll walk you through how to securely fetch registry user credentials from HashiCorp Vault and apply them globally as a Pull Secret configuration in your OpenShift cluster. In today’s dynamic containerized environments, ensuring the security of your registry credentials is paramount. Exposing these credentials can lead to unauthorized access, data breaches, and… Continue reading

  • Vault Patch Method

    With the release of HashiCorp Vault 1.9.0, managing secrets has become even more streamlined and efficient. One of the standout features? The ability to update only specified secrets, giving users precise control over their credentials within Vault. Imagine this: You want to update a particular field (secret) in a Vault location without touching the others. Here, I shared a… Continue reading

  • check-certificate.sh

    check-certificate.sh is a shell script that can be used to notify a group of people over Slack before TLS certificates expire. The script can check TLS certificates from two sources: tls:// and vault://. VAULT_ADDR, VAULT_TOKEN and SLACK_WEBHOOK must be set before execution. check.txt You can find check-certificate.sh in my GH repo. Continue reading

  • walk.sh(HC Vault)

    The walk.sh script helps you print all secrets inside a KV-type secret engine. You can extend the script to search for specific content, for example checking the expiry date of TLS certificates in your Vault before they expire. You can find walk.sh and a how-to in my GH repo. Continue reading

  • HashiCorp Vault Disk Inode Is Full

    Recently, I had a very interesting issue with Vault: it stopped functioning two hours after integration with Redfish Bare-Metal Host Monitoring, which uses AppRole to get the iLO user and credentials. Vault audit logs show that the AppRole for Redfish monitoring was requested heavily within a second. It might still be normal for around 80 physical servers polling, but something… Continue reading

  • HashiCorp Vault LDAP Integration

    In this post, HashiCorp Vault will be integrated with LDAP. It is good security practice to store all secrets in the secret engine instead of putting them in notepad-like programs. But it is also crucial to ask, “Who has access to what?” So, in this post, we will integrate HashiCorp Vault with the LDAP groups that we created in… Continue reading