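#!/usr/bin/env bash
# Bootstrap a throw-away Vault *dev* server wired to Auth0 via the OIDC auth
# method, then log in through the browser flow.
#
# Requires: jq and vault 1.1+ in $PATH, and a ./.env that defines
#   AUTH0_DOMAIN, AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET
# and optionally VAULT_ROLE (defaults to the "demo" role created below).
#
# WARNING: dev mode only. The server is in-memory, starts unsealed, uses the
# well-known root token "myroot" and logs at debug level. Never point this at
# anything holding real secrets.

# Stop any vault server already running, otherwise :8200 is taken.
# pkill matches on the full command line and never matches itself, unlike the
# ps|grep|awk pipeline this replaces. On a shared host this also kills other
# users' dev servers, exactly as before. Failure (nothing running) is fine.
pkill -f 'vault server' || true

set -euo pipefail

# .env is executed as shell code, so only source a file you trust.
# shellcheck disable=SC1091
source ./.env
: "${AUTH0_DOMAIN:?must be set in .env}"
: "${AUTH0_CLIENT_ID:?must be set in .env}"
: "${AUTH0_CLIENT_SECRET:?must be set in .env}"

# Debug logs may echo request details; mktemp gives an unpredictable,
# 0600 file instead of a world-writable fixed path under /tmp.
vault_log=$(mktemp /tmp/vault-log.XXXXXX)
vault server -dev -dev-root-token-id=myroot -log-level=debug >"$vault_log" 2>&1 &
vault_pid=$!
printf 'vault server pid %s, log %s\n' "$vault_pid" "$vault_log" >&2

export VAULT_TOKEN=myroot
export VAULT_ADDR=http://127.0.0.1:8200

# Wait for the API to answer instead of sleeping a fixed second; a dev server
# is unsealed as soon as it listens, so `vault status` exits 0 once ready.
ready=0
for ((i = 0; i < 30; i++)); do
  if vault status >/dev/null 2>&1; then
    ready=1
    break
  fi
  if ! kill -0 "$vault_pid" 2>/dev/null; then
    printf 'vault server exited early; see %s\n' "$vault_log" >&2
    exit 1
  fi
  sleep 0.5
done
if (( ready == 0 )); then
  printf 'vault server did not become ready; see %s\n' "$vault_log" >&2
  exit 1
fi

# Policies are streamed on stdin ("-") rather than via predictable /tmp files.
# The quoted heredoc delimiter keeps the HCL literal (no shell expansion).
# "adm": full CRUD on the KV mount.
vault policy write adm - <<'EOF'
path "/secret/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
EOF

# "dev": read-only on the KV mount.
vault policy write dev - <<'EOF'
path "/secret/*" {
capabilities = ["read", "list"]
}
EOF

vault auth enable oidc

# The client secret is fed to `vault write` as JSON on stdin so it never
# appears on a command line (visible to every local user via ps). It reaches jq
# through the environment of that one process, not through --arg.
AUTH0_CLIENT_SECRET="$AUTH0_CLIENT_SECRET" jq -n \
  --arg url "https://${AUTH0_DOMAIN}/" \
  --arg client_id "$AUTH0_CLIENT_ID" \
  '{
    oidc_discovery_url: $url,
    oidc_client_id: $client_id,
    oidc_client_secret: env.AUTH0_CLIENT_SECRET,
    default_role: "demo"
  }' | vault write auth/oidc/config -

# Role "demo": tokens must be issued for our client (aud), the callback must be
# one of the two local listeners (UI on 8200, CLI helper on 8250), identity is
# the "sub" claim and group membership comes from a "roles" claim.
# NOTE(review): Auth0 does not emit "roles" by default; presumably an Action or
# Rule adds it to the ID token -- confirm in the tenant.
vault write auth/oidc/role/demo \
  bound_audiences="$AUTH0_CLIENT_ID" \
  allowed_redirect_uris="http://localhost:8200/ui/vault/auth/oidc/oidc/callback" \
  allowed_redirect_uris="http://localhost:8250/oidc/callback" \
  user_claim="sub" \
  policies=dev \
  groups_claim="roles"

# External identity group that grants the "adm" policy; the alias below maps
# the IdP-side group name "admin" (as it appears in the "roles" claim) onto it.
gid=$(vault write -format=json identity/group \
  name="auth0-admin" \
  policies="adm" \
  type="external" \
  metadata=organization="Auth0 Users" | jq -r .data.id)
[[ -n "$gid" && "$gid" != "null" ]] || {
  printf 'failed to create identity group auth0-admin\n' >&2
  exit 1
}

oidc_accessor=$(vault auth list -format=json | jq -r '."oidc/".accessor')
[[ -n "$oidc_accessor" && "$oidc_accessor" != "null" ]] || {
  printf 'could not find the oidc/ auth mount accessor\n' >&2
  exit 1
}
vault write identity/group-alias name="admin" \
  mount_accessor="$oidc_accessor" \
  canonical_id="$gid"

# Log in as a real user through the browser. VAULT_TOKEN is cleared for this
# one command so the CLI stores the new OIDC-issued token instead of the root
# token. VAULT_ROLE falls back to "demo", matching default_role above.
VAULT_TOKEN= vault login -method=oidc role="${VAULT_ROLE:-demo}"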