🎉 initial commit

2022-04-06 15:33:57 +02:00
commit 968716ec76
29 changed files with 846 additions and 0 deletions
--- a/enabled-pki.sh
+++ b/enabled-pki.sh
@@ -0,0 +1,18 @@
+#kubectl exec --stdin=true --tty=true vault-0 -- /bin/sh
+vault secrets enable pki 
+
+vault secrets tune -max-lease-ttl=8760h pki
+
+vault write pki/root/generate/internal common_name=dev.localhost ttl=8760h
+
+vault write pki/config/urls issuing_certificates="http://vault.default:8200/v1/pki/ca"  crl_distribution_points="http://vault.default:8200/v1/pki/crl"
+
+vault write pki/roles/dev-dot-localhost  allowed_domains=dev.localhost  allow_subdomains=true  max_ttl=72h
+
+vault policy write pki - <<EOF
+path "pki*"                        { capabilities = ["read", "list"] }
+path "pki/roles/dev-dot-localhost"   { capabilities = ["create", "update"] }
+path "pki/sign/dev-dot-localhost"    { capabilities = ["create", "update"] }
+path "pki/issue/dev-dot-localhost"   { capabilities = ["create"] }
+EOF
+