[Vault] Building an identity-based secrets and encryption management system feat. Docker

2023. 11. 3. 21:01 · System Workshop/DevOps

🚀 Building an identity-based secrets and encryption management system

    🔽  Overview

        📦 Introduction

In this post I'll walk through setting up Vault with Docker.

What is Vault?

Vault is an open-source secrets management tool developed by HashiCorp. It can be used to securely store and manage the secrets, encryption keys, API tokens, and similar data that applications use. In short, it is a tool whose main goal is to protect secrets and maintain data integrity.

 

| Key feature | Concept |
|---|---|
| Secret Storage | Keeps secrets in a centralized store. This covers database secrets, API keys, encryption keys, and so on. |
| Access control and permission management | Provides strict access control for users and applications. Users and applications must be granted access to the secrets they need. |
| Dynamic secret generation | Secrets can be generated dynamically, which makes it possible to issue one-time secrets or secrets with a limited validity period. |
| Encryption and decryption | Used to encrypt and decrypt data, which plays an important role in protecting data and maintaining its integrity. |
| Security authentication and authorization | Supports a variety of authentication and authorization mechanisms |
| Auditing & Monitoring | All access to and changes of secrets can be audited and monitored, which helps meet security and compliance requirements. |
| Client Library | Client libraries are available for a variety of programming languages, so integrating Vault into an application is easy. |

 

Vault can also be used in cloud environments, and many organizations use it to meet their security requirements.
It is recognized as a powerful tool for centrally managing and reporting on the secrets that applications use.

 

 

 

    🔽  Vault installation and configuration

        📦 Docker

First, to run Vault with Docker, I'll set it up with Docker Compose.

 

version: "3.3"
volumes:
  vault_data: { }
services:
  junyss_vault:
    image: vault:1.13.3
    container_name: junyss_vault
    restart: unless-stopped
    hostname: junyss_vault
    volumes:
      - /docker/dirMapping/valut/config:/vault/config
      - /docker/dirMapping/valut/data:/vault/file
      - /docker/dirMapping/valut/logs:/vault/logs
    ports:
      - "8082:8200"
    cap_add:
      - IPC_LOCK
    command: vault server -config=/vault/config/config.hcl


Let's go through what each part of the Compose file above means.

| Section | Details |
|---|---|
| version: "3.3" | Specifies the Docker Compose file version. |
| volumes | Defines Docker volumes. Used to set up the volumes the container will use. |
| volumes: vault_data | Defines the volume for storing Vault data. Vault's data and configuration files are stored here. |
| services | Defines the services to run with Docker Compose. |
| services: vault | Defines the vault service. |
| image | Specifies the Docker image the vault container uses. |
| container_name | Specifies the container name. |
| volumes (under the service) | Sets up volume mapping between the container and the host file system, so that the container's config file, data, logs, and so on are stored in specific directories on the host. |
| ports | Port mapping between host and container. |
| cap_add | Grants additional privileges to the container. IPC_LOCK allows the container to use its own IPC (Inter-Process Communication) namespace. |
| command | Defines the command run when the container starts. Runs the Vault server with vault server -config..., loading the configuration file from /vault/config/config.hcl. |



mkdir -p <Directory>


I created the host directories to be mapped to the container's internal directories, as shown above.


sudo vim /docker/dirMapping/valut/config/config.hcl

ui = true
api_addr = "http://192.168.20.253:8200" # Vault server address
disable_mlock = true

listener "tcp" {
    address = "0.0.0.0:8200"
    tls_disable = "true"
}

storage "file" {
    path = "/vault/file"
}


The file above is the Vault configuration file. It defines how Vault behaves and how it is set up.

| Section | Details |
|---|---|
| ui = true | Enables the Vault web UI. Vault can then be accessed through a GUI from a web browser. |
| api_addr = "http://192.168.20.253:8200" | Sets the Vault server API address. The Vault server API is used to interact with client applications. |
| disable_mlock = true | Disables memory locking. Memory lock is one of the security mechanisms that pins part of memory so that other processes cannot access it. Setting this to true disables memory locking. |
| listener "tcp" | Defines the network listener on which the Vault server listens and accepts client connections. |
| address = "0.0.0.0:8200" | Accepts client connections on port 8200 from all network ranges. |
| tls_disable = "true" | Disables TLS (Transport Layer Security). |
| storage "file" | Defines the back-end storage where Vault data is stored. |
| path = "/vault/file" | Stores Vault data files in the /vault/file directory. This directory is where Vault stores and manages its data. |
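The settings walked through above (plain HTTP listener, http:// api_addr, disabled mlock, listener on every interface) suit a lab only. The following is an added example, not part of the original post, that flags them in a config.hcl; the host name and certificate paths in the hardened sample are constructed placeholders.

```shell
# Added example (not from the original post): flag lab-only settings in a
# Vault config.hcl. page_config reproduces the config.hcl shown on this page.
page_config() {
cat <<'EOF'
ui = true
api_addr = "http://192.168.20.253:8200" # Vault server address
disable_mlock = true
listener "tcp" {
    address = "0.0.0.0:8200"
    tls_disable = "true"
}
storage "file" {
    path = "/vault/file"
}
EOF
}

# Constructed counter-example: only the settings that differ are listed.
# Host name and certificate paths are placeholders (assumptions).
hardened_config() {
cat <<'EOF'
api_addr = "https://vault.example.internal:8200"
disable_mlock = false
listener "tcp" {
    address = "127.0.0.1:8200"
    tls_cert_file = "/vault/config/tls/vault.crt"
    tls_key_file = "/vault/config/tls/vault.key"
}
EOF
}

# Reads a config on stdin, prints one finding per line, exits 1 if any.
audit_vault_config() {
    awk '
    { sub(/#.*/, ""); gsub(/[ \t"]/, "") }   # strip comments, blanks, quotes
    /^tls_disable=(true|1)$/   { n++; print "tls_disable: plain HTTP, tokens and unseal keys cross the network unencrypted" }
    /^api_addr=http:/          { n++; print "api_addr: advertises an http:// address for client redirects" }
    /^disable_mlock=(true|1)$/ { n++; print "disable_mlock: memory may be swapped to disk; mlock needs the IPC_LOCK capability" }
    /^address=0\.0\.0\.0:/     { n++; print "address: listens on every interface, exposure depends on the published port" }
    END { exit (n ? 1 : 0) }'
}

page_config | audit_vault_config || echo "page config: lab-only settings found"
hardened_config | audit_vault_config && echo "hardened config: no findings"
```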




docker-compose up -d


I started the Docker container as shown above.

 

 

http://192.168.20.253:8200

 


As shown above, you can confirm that Vault is reachable from a web browser.

 

 

 

 

        📦 Initial setup

Now that Vault is up and running, it's time to log in.

First, enter 1 in every field as shown above and click Initialize.

Then click Download keys, as shown above, to download the key file.

Then click Continue to Unseal.

The file will be in the format shown above.

In this field, enter the key value listed under keys in the file, without the surrounding "".

 

 


 




Here, select Token as the Method, and in the Token field enter the root_token value from the file, without the surrounding "".
Then click the Sign In button.


 

 

 

 

You can now access the service, as shown above.

 

 

 

 

 

 

        📦 Profile Config

The web UI works as shown above, but you may also want to use Vault from the CLI, so let's set that up.

If you run the vault command without configuring the profile, you'll get an error like the one below.

docker exec -it <Container ID> /bin/sh


First, I used the command above to open a shell in the Vault container.

vault status


Trying to use the command like this causes a problem.


vi ~/.profile

export VAULT_ADDR="http://127.0.0.1:8200"
export VAULT_TOKEN="hvs.EwyXMoRXoseiVXke0TdXiDYe"


I saved the lines above to the profile file. For VAULT_TOKEN, use the root_token value from the JSON file downloaded earlier, without the surrounding "".


source ~/.profile


After that, run the command above to apply the contents of .profile.

 

 

vault status


Now you can see that the vault command works, as shown above.
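A root token exported from ~/.profile stays readable on disk for as long as the file exists. This added example (not part of the original post) scans a shell startup file for hardcoded Vault tokens and redacts them in its report; the sample profile and its token value are constructed, and the hvs./hvb./hvr. prefixes are those used since Vault 1.10.

```shell
# Added example (not from the original post): find Vault tokens hardcoded in
# shell startup files such as the ~/.profile edited above.

# Constructed sample of a ~/.profile; the token value is made up.
sample_profile() {
cat <<'EOF'
export PATH="$PATH:/usr/local/bin"
export VAULT_ADDR="http://127.0.0.1:8200"
export VAULT_TOKEN="hvs.CONSTRUCTEDexampleTOKEN0"
# export VAULT_TOKEN="$(cat /run/secrets/vault-token)"
EOF
}

# Reads a file on stdin and prints "LINE_NO: text" for every line holding a
# token, with the token body redacted so the report itself can be shared.
# Exits 1 if at least one token was found.
scan_vault_tokens() {
    awk '
    {
        line = $0; found = 0
        # Redact each token on the line; keep the 4-character prefix.
        while (match(line, /hv[sbr]\.[A-Za-z0-9_-]+/)) {
            found = 1
            line = substr(line, 1, RSTART + 3) "<redacted>" substr(line, RSTART + RLENGTH)
        }
        if (found) { n++; print NR ": " line }
    }
    END { exit (n ? 1 : 0) }'
}

sample_profile | scan_vault_tokens || echo "move the token out of the profile and revoke it"
```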

 

 

 

 

 

 

 

 

 

        📦 Using an ID & password

This time, let's configure Vault so that you can log in with an ID and password instead of a token.

vault login <root_token>

First, I logged in to Vault as root using the root_token, as shown above.

 

 

 

vault auth enable userpass

This tells Vault to allow authentication by entering an ID and password!

 

vault write auth/userpass/users/root password=<Root Password>


With the command above, I set a password for the root account.

 

Now, as shown above, you can select Username as the Method and log in with an ID and password.

 

 

 

 

 
