Medusa test

23.09.21

# Open a shell in the vault-0 pod; the vault commands that follow run inside it.
kubectl exec -it vault-0 -- sh

# Initialise Vault. "Recovery Key" output (instead of unseal keys) is what init
# prints when an auto-unseal seal is in use - presumably the case here.
# The keys and the initial root token are printed only this once. They are
# recorded below in clear text, which suits only a disposable test cluster.
# For a cluster that matters, have init encrypt them (-recovery-pgp-keys,
# -root-token-pgp-key) and hand each key to a different holder.
/ $ vault operator init
Recovery Key 1: 5QIqsFPa6azxHSx1x4QCTOJrpTpD2lwzE9aa4PSUyltS
Recovery Key 2: 79vz8Mviue6yORl3sSVoS4UOAizYSbsKKDp03HzRkc/f
Recovery Key 3: BiZPn5EUxykA9do+SiCA0TvT7ILVPEg2xULO592UZuKK
Recovery Key 4: SoqqSbMNUXVYJHvl1vtiUaLsRUoccLEMzzu5ldJKC0US
Recovery Key 5: VzR8hehDK15bJRKz+8VBGsdB3n7PLQ4IjJ2yGMaIC1do

Initial Root Token: s.G8VkrnwCTJOBBqb7FadjieC8


# Check seal/HA state, authenticate the CLI with the initial root token, then
# list the raft members.
# NOTE(review): an exported root token is inherited by every child process of
# this shell and may be kept in shell history. Beyond this test, do the work
# with a scoped token and revoke the root token (vault token revoke).
vault status 
export VAULT_TOKEN=s.G8VkrnwCTJOBBqb7FadjieC8
vault operator raft list-peers

# Join vault-1 and then vault-2 to the raft cluster led by vault-0.
# --address selects the node that receives the join request; -leader-ca-cert
# gives that node the CA it uses to verify the leader's TLS certificate.
# NOTE(review): the CLI's own TLS connection to vault-1/vault-2 is verified via
# VAULT_CACERT or the system trust store, which this page does not show - confirm.
vault operator raft join -leader-ca-cert="$(cat /vault/userconfig/vault-tls/vault_ca)" --address "https://vault-1.vault-internal:8200" "https://vault-0.vault-internal:8200"

vault operator raft join -leader-ca-cert="$(cat /vault/userconfig/vault-tls/vault_ca)" --address "https://vault-2.vault-internal:8200" "https://vault-0.vault-internal:8200"

# Confirm that all three nodes now appear as peers.
vault operator raft list-peers

# Mount a KV version 2 engine at the default path kv/.
vault secrets enable -version=2 kv

# Forward local port 8200 to the vault service so the API is reachable on
# 127.0.0.1:8200 (presumably run from the workstation, not inside the pod).
# kubectl binds the forward to localhost by default.
kubectl port-forward svc/vault 8200

# Show the mounted engines with their options.
 vault secrets list -detailed

# Mount a second KV engine at kv-v1/; without -version this is KV version 1.
vault secrets enable -path="kv-v1" kv

# Write the contents of cert.pem to kv-v1/prod/cert/mysql through the forwarded port.
# -k turns off TLS certificate verification, and the root token is passed as a
# command-line argument, where it shows up in the process list and shell history.
# Prefer --cacert with the Vault CA and a token taken from the environment or a file.
# NOTE(review): --cacert only works here if the server certificate is valid
# for 127.0.0.1 - confirm the certificate's SANs.
curl -k\
    --header "X-Vault-Token: s.G8VkrnwCTJOBBqb7FadjieC8" \
    --request POST \
    --data @cert.pem \
    https://127.0.0.1:8200/v1/kv-v1/prod/cert/mysql

# Export the kv-v1 mount as YAML. No --address/--token is given, so presumably
# they come from the environment (VAULT_ADDR / VAULT_TOKEN) - confirm.
# --insecure skips TLS verification. kv-v1.yaml holds every secret in clear
# text: keep it off shared storage and delete it once the test is done.
medusa export kv-v1 -m=kv1 --format="yaml" --insecure > kv-v1.yaml


---
# Generate a 4096-bit RSA private key. It is written without a passphrase and
# is the key passed to the import (--private-key) to decrypt the export, so
# check its file permissions and store it apart from the exported file.
openssl genrsa -out private-key.pem 4096

# Derive the public key. The export commands reference only this file, so the
# private key does not need to be on the machine that runs the export.
openssl rsa -in private-key.pem -pubout -out public-key.pem
----

# Encrypted export: the dump is encrypted with public-key.pem (--encrypt,
# --public-key) and written to the --output file.
# The first command is a generic form with a placeholder address and an
# all-zero token; the second is the one run against kv-v1 in this test.
# --insecure still disables TLS verification. Against a remote address, that
# lets anyone able to intercept the connection read the token and the secrets
# in transit; drop the flag once the client trusts the Vault CA.
# --token on the command line leaves the token in the process list and shell history.
./medusa export kv --address="https://my-vault-server.com" --token="00000000-0000-0000-0000-000000000000" --insecure --encrypt="true" --public-key="public-key.pem" --output="encrypted-vault-secrets.txt"

medusa export kv-v1 -m=kv1 --format="yaml" --insecure --encrypt="true" --public-key="public-key.pem" --output="encrypted-vault-secrets"

---------------------RESTORE VAULT ON THE NEW CLUSTER-----------------------------------------------------------

# Initialise the new (target) cluster; VAULT_CLIENT_TIMEOUT raises the CLI
# request timeout to 300s for this one call.
# The recovery keys and root token it prints are recorded below in clear text,
# which suits only a disposable test cluster.
VAULT_CLIENT_TIMEOUT=300s vault operator init

Recovery Key 1: r3mjas+FfYrBpO76zeQErFiSF6r2orQES02nQiHpDnpQ
Recovery Key 2: HYDRD6VSv+k+U0wlWtgY3GBTwvW+Wd8PXMlxQn/cd5de
Recovery Key 3: ShEZam3h33TY3lhqtV6OQAAoMHdvGkcZplgV12Pe87dZ
Recovery Key 4: bg48Ws2ovcBBH4GQeX/23RIjglbEQn1QUX9qmo7213ab
Recovery Key 5: FZwcALo6+fwwdj3npt8704O0fwHCVpR+OwrLbZyl8FYX

Initial Root Token: s.2MZY7WTSlz6fVNUE4U8b1WRH
s.2MZY7WTSlz6fVNUE4U8b1WRH


# Authenticate with the new cluster's root token, then join vault-1 and
# vault-2 to the leader vault-0 and list the peers.
# NOTE(review): these addresses are http://, unlike the source cluster, which
# used https plus -leader-ca-cert. The joins and all later API traffic, token
# included, cross the cluster network unencrypted. Enable TLS on the listeners
# before real secrets are imported.
export VAULT_TOKEN=s.2MZY7WTSlz6fVNUE4U8b1WRH
vault operator raft list-peers
vault operator raft join --address "http://vault-1.vault-internal:8200" "http://vault-0.vault-internal:8200" && vault operator raft join --address "http://vault-2.vault-internal:8200" "http://vault-0.vault-internal:8200" && vault operator raft list-peers

# Recreate the KV version 1 mount that the export was taken from.
vault secrets enable -path="kv-v1" kv

# Decrypt the export with private-key.pem and write it into kv-v1.
# --insecure only concerns TLS verification, so it changes nothing for an
# http:// address; the connection is plain text.
# The root token is on the command line again. Prefer a token taken from the
# environment, and revoke the root token once the restore is verified.
medusa import kv-v1 encrypted-vault-secrets --address="http://127.0.0.1:8200" --token="s.2MZY7WTSlz6fVNUE4U8b1WRH" --insecure --decrypt="true" --private-key="private-key.pem"
