Add TLS support, self-signed TLS Certs #23
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Makes TLS usable from VMs. This adds TLS Certificate generation to Vault, and sets the CA Environment Variable for Vault and the corresponding CA Cert Environment Variable for cURL. These are self-signed, so they won't totally validate outside of Vault. But they work. I was not able to get the OS Root Trust Store to update properly, and some of that code may need to be modified. This commit also updates documentation to use HTTPS. Updated the main docs to show HTTPS for the Vault servers. People will need to temporarily trust the self-signed certificates generated by Vagrant for these Vault servers. Some of the other docs had http://127.0.0.1:8200 as their target for demonstrations. Most of them refer to $VAULT_ADDR, but I have changed the ones that refer to a specific IP address. Update README.md to note Trusting Self-Signed Certificates is needed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Makes TLS usable from VMs.
This adds TLS Certificate generation
to Vault, and sets the CA
Environment Variable for Vault and
the corresponding CA Cert Environment
Variable for cURL.
These are self-signed, so they won't
totally validate outside of Vault.
But they work.
I was not able to get the OS Root Trust
Store to update properly, and some of that
code may need to be modified.
This commit also updates documentation to use HTTPS.
Updated the main docs
to show HTTPS for the Vault
servers.
People will need to temporarily
trust the self-signed certificates
generated by Vagrant for these Vault
servers.
Some of the other docs had
http://127.0.0.1:8200 as their
target for demonstrations.
Most of them refer to $VAULT_ADDR,
but I have changed the ones that
refer to a specific IP address.
Update README.md to note Trusting Self-Signed Certificates is needed.
Squashed this into the content from #22