Vault GUI
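Vault does not officially provide a graphical interface. After comparing several open-source GUIs, I found goldfish to be the most complete in terms of features.

Deploying goldfish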

    sudo mkdir /opt/goldfish && sudo chown "$(whoami):$(whoami)" /opt/goldfish
    git clone https://github.com/Caiyeon/goldfish.git
    cd goldfish

    # Build the frontend files
    bash build.sh
    mv frontend /opt/goldfish/

    # Build the goldfish backend binary
    go get github.com/caiyeon/goldfish
    cd "$GOPATH/src/github.com/caiyeon/goldfish"
    go build
    sudo mv goldfish /usr/local/bin/
    sudo setcap cap_ipc_lock=+ep "$(readlink -f "$(which goldfish)")"

    # Generate the configuration file
    cat << EOF > config.hcl
    listener "tcp" {
      address = "0.0.0.0:8000"
      # Enable HTTPS
      tls_disable = 0
      tls_cert_file = "ca/goldfish-server.crt"
      tls_key_file = "ca/goldfish-server.key"
    }
    vault {
      address = "https://vault:8200"
      approle_id = "goldfish"
      # Vault's CA root certificate
      ca_cert = "ca/ca.crt"
    }
    EOF

    # Start goldfish
    goldfish -config=./config.hcl

    # Access goldfish
    # https://goldfish<goldfish server IP>:8000

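The config.hcl written above is what keeps the UI on HTTPS and pins Vault's CA, so it is worth checking before goldfish is started. The following lint is an added example, not part of the original post or of goldfish itself; the function names and the weak sample config are constructed for illustration, and it assumes one key = value per line as in the heredoc above.

```shell
# Added example, not goldfish code. Assumes one "key = value" per line.
# Emit "block.key=value" for every setting inside listener/vault blocks.
flatten_hcl() {
    awk '
        { sub(/#.*/, "") }                                   # strip comments
        /^[ \t]*(listener|vault)[ \t]/ { block = $1; next }  # block opens
        /^[ \t]*[}]/                   { block = ""; next }  # block closes
        block != "" && /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/"|[ \t]+$/, "", val)
            print block "." key "=" val
        }' "$1"
}

# Look up one flattened key (e.g. vault.ca_cert); empty output if absent.
cfg_get() { flatten_hcl "$1" | sed -n "s/^$2=//p" | head -n 1; }

# Print one FAIL line per problem; exit status is the number of problems.
check_goldfish_config() {
    problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    case "$(cfg_get "$1" listener.tls_disable)" in
        0|false) ;;   # 0 as on the page; "false" accepted as an assumption
        *) fail "listener.tls_disable is not 0 (listener would serve plain HTTP)" ;;
    esac
    for k in listener.tls_cert_file listener.tls_key_file vault.ca_cert; do
        [ -n "$(cfg_get "$1" "$k")" ] || fail "$k is not set"
    done
    case "$(cfg_get "$1" vault.address)" in
        https://*) ;;
        *) fail "vault.address is not an https:// URL" ;;
    esac
    return "$problems"
}

# Constructed sample: the page's config with TLS turned off and no CA pinned.
demo_weak_config() {
    cat << 'EOF'
listener "tcp" {
  address = "0.0.0.0:8000"
  tls_disable = 1
}
vault {
  address = "http://vault:8200"
  approle_id = "goldfish"
}
EOF
}
```

Source the file and run `check_goldfish_config ./config.hcl` before `goldfish -config=./config.hcl`; a non-zero exit status means at least one TLS setting is missing or weakened.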
Initializing goldfish

Because goldfish uses AppRole to access Vault, goldfish must first be configured inside Vault.

    # Enable AppRole authentication
    vault auth-enable approle

    # Create a policy for goldfish
    vault policy-write goldfish goldfish/vagrant/policies/goldfish.hcl

    # Create the AppRole role and attach the policies
    vault write auth/approle/role/goldfish role_name=goldfish policies=default,goldfish \
        secret_id_num_uses=1 secret_id_ttl=5m period=24h token_ttl=0 token_max_ttl=0
    vault write auth/approle/role/goldfish/role-id role_id=goldfish
    vault write secret/goldfish DefaultSecretPath="secret/" UserTransitKey="goldfish" BulletinPath="secret/bulletins/"

    # Generate the secret used to unseal goldfish
    vault write -f -wrap-ttl=5m auth/approle/role/goldfish/secret-id

Now you can start using it!