I run into this about every tenth day. Just enough off the pace of memorization to look it up when a switch misfires… ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub Just in case. A lot of the work I’m doing today, and the last few days, is re-working id_rsa and other secret retrieval from vault, grabbing…
Continue Readingvault
Vault and Self-signed Certs
In a distributed AWS cloud environment, SSL certs live on the ELB instances and are signed by known CA’s. Backend encryption using self-signed certs is seamless. As soon as Jenkins, consul+vault and the nebula utilities API are brought together onto the same box (Nebula-in-a-Box), and are moved to using consul service discovery, SSL naming and…
Continue ReadingDeleting the Hashicorp Whitelist Entry…
In working with Hashicorp vault I used an AWS role to automagically enable an instance to communicate with vault. That worked really well. But in developing and testing sometimes I needed that AWS instance to be reverted in vault – to no longer be registered. That required tracing down where and how that auth happens…
Continue Reading