ezb_vault

Vault storage (ezb_vault)

The vault service, store key/value pair in a central store. It's used to not hardcode data in worker's scripts, like password or constant.

Use case

New secret

• Get your JWT auth token from a ezb_sta.
• Create header and body.
• Call the vault.

$a = Invoke-RestMethod -Uri http://ezb_sta.fqdn/token -UseDefaultCredentials
if($a) {
  $h = @{}
  $h.Authorization = "bearer "+ $a.access_token
  $h."EZB-VAULT-KEY" = "AEScryptKEY"
  $key = @{}
  $key.key = "firstkey"
  $key.value = "firstvalue"
  Invoke-RestMethod -Headers $h -Uri https://ezb_vault.fqdn -Method Post -Body $( $key | ConvertTo-Json -Compress) -ContentType "application/json"
}

Retrieve secret

• one

Invoke-RestMethod -Headers $h -Uri https://ezb_vault.fqdn/firstkey

• all

Invoke-RestMethod -Headers $h -Uri https://ezb_vault.fqdn

Update a secret

Invoke-RestMethod -Headers $h -Uri https://ezb_vault.fqdn/firstkey -Method Put -Body $( $key | ConvertTo-Json -Compress) -ContentType "application/json"

Delete a secret

Invoke-RestMethod -Headers $h -Uri https://ezb_vault.fqdn/firstkey -Method Delete

SETUP

1. Download ezb_vault from GitHub

2. Open an admin command prompte, like CMD or Powershell.

3. Run ezb_vault.exe with init option.

    PS E:\ezbastion\ezb_vault> ezb_vault init

this commande will create folder and the default config.json file.

{
    "listen": ":5100",
    "privatekey": "cert/ezb_vault.key",
    "publiccert": "cert/ezb_vault.crt",
    "cacert": "cert/ca.crt",
    "dbpath": "db/ezb_vault.db",
    "servicename": "ezb_vault",
    "servicefullname": "Easy Bastion Vault",
    "loglevel": "warning"
}

/!\ Don't forget to copy all public STA certificat to the cert folder /!
cert name must match jwt ISS value.

4. Install Windows service and start it.

    PS E:\ezbastion\ezb_vault> ezb_vault install
    PS E:\ezbastion\ezb_vault> ezb_vault start

Copyright

Copyright (C) 2018 Renaud DEVERS info@ezbastion.com

Used library: