
MinIO: Managing Secrets via KES and Vault

source link: https://syxdevcode.github.io/2022/09/26/MinIo%E9%80%9A%E8%BF%87Kes-Vault%E7%AE%A1%E7%90%86%E5%AF%86%E7%A0%81/

Self-signed certificates

Reference: Generating a CA, an intermediate CA, and server certificates with OpenSSL

KES configuration file

address: 0.0.0.0:7373 # Listen on all network interfaces on port 7373

admin:
  identity: disabled # We disable the admin identity since we don't need it in this guide

tls:
  #key: /opt/certs/agent/key/cakey.pem # The KES server TLS private key
  #cert: /opt/certs/agent/key/cacert.crt # The KES server TLS certificate
  key: /opt/certs/25519/server.key # The KES server TLS private key
  cert: /opt/certs/25519/server.crt # The KES server TLS certificate

policy:
  my-app:
    allow:
    - /v1/key/create/my-key*
    - /v1/key/generate/my-key*
    - /v1/key/decrypt/my-key*
    identities:
    - 0a3b5c174894c5b782889775a6a586c1dc8c9e03f8cf1b41be099a017ec25ec4 # Use the identity of your client.crt

keystore:
  vault:
    endpoint: https://127.0.0.1:8200
    version: v1 # The K/V engine version - either "v1" or "v2".
    approle:
      id: "a54e9ae2-a4e7-87bf-3fda-1fa30f65c3c5" # Your AppRole ID
      secret: "47ef5ebb-ebef-0ae1-001a-80dc74c8c638" # Your AppRole Secret
      retry: 15s
    status:
      ping: 10s
    tls:
      ca: /opt/certs/vault/vault.crt # Manually trust the vault certificate since we use self-signed certificates

-k skips certificate verification (used here because the certificates are self-signed).

kes key dek my-key-1 -k

Hashicorp Vault Keystore

