
# Vault configuration

## Connect to vault

Set these variables according to your deployment:

```bash
export VAULT_ADDR=http://127.0.0.1:8200
export VAULT_TOKEN=s.jyH1vmrOmkZ0FZZ0NZtgRenS
```

You can test the authentication by running the following command:

```bash
$ vault status

Type: shamir
Sealed: false
Key Shares: 1
Key Threshold: 1
Unseal Progress: 0
Unseal Nonce: 
Version: 1.3.4
Cluster Name: vault-cluster-650930cf
Cluster ID: 9f40327d-ec71-9655-b728-7588ce47d0b4

High-Availability Enabled: false
```

## Create the following policy files

`peatio-rails.hcl`

```hcl
# Manage the transit secrets engine
path "transit/keys/*" {
  capabilities = [ "create", "read", "list" ]
}

# Encrypt secrets
path "transit/encrypt/*" {
  capabilities = [ "create", "update" ]
}

# Renew tokens
path "auth/token/renew" {
  capabilities = ["update"]
}

# Lookup tokens
path "auth/token/lookup" {
  capabilities = ["update"]
}
```

`finex-engine.hcl`

```hcl
path "transit/*" {
  capabilities = [ "read" ]
}

# Decrypt secrets
path "transit/decrypt/*" {
  capabilities = [ "create", "update" ]
}

# Use key for signing
path "transit/sign/*" {
  capabilities = ["update"]
}

# Create transit key
path "transit/keys/*" {
  capabilities = ["create"]
}

# Renew tokens
path "auth/token/renew" {
  capabilities = ["update"]
}

# Lookup tokens
path "auth/token/lookup" {
  capabilities = ["update"]
}
```
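
The following is an added example, not part of the original page or of the Peatio/Finex code: a small evaluator that shows which capabilities each of the two policies above grants on a transit path. It assumes a hypothetical key name `demo-key`, handles only exact paths and trailing `*` globs, and looks at each policy file on its own (Vault's `default` policy, which tokens also receive unless created without it, is ignored).

```python
import re

# The two policies from this page, compacted to one path block per line.
PEATIO_RAILS = '''
path "transit/keys/*"    { capabilities = ["create", "read", "list"] }
path "transit/encrypt/*" { capabilities = ["create", "update"] }
path "auth/token/renew"  { capabilities = ["update"] }
path "auth/token/lookup" { capabilities = ["update"] }
'''
FINEX_ENGINE = '''
path "transit/*"         { capabilities = ["read"] }
path "transit/decrypt/*" { capabilities = ["create", "update"] }
path "transit/sign/*"    { capabilities = ["update"] }
path "transit/keys/*"    { capabilities = ["create"] }
path "auth/token/renew"  { capabilities = ["update"] }
path "auth/token/lookup" { capabilities = ["update"] }
'''

# Simplified parser: only `path "..." { capabilities = [...] }` blocks.
RULE = re.compile(r'path\s+"([^"]+)"\s*\{\s*capabilities\s*=\s*\[([^\]]*)\]\s*\}')

def parse_policy(hcl):
    """Return {path_pattern: set_of_capabilities} for each path block."""
    return {path: set(re.findall(r'"(\w+)"', caps))
            for path, caps in RULE.findall(hcl)}

def capabilities(policy, request_path):
    """Exact match wins; otherwise the longest-prefix glob wins.
    Capabilities of less specific rules are NOT merged in."""
    if request_path in policy:
        return policy[request_path]
    globs = [p for p in policy
             if p.endswith("*") and request_path.startswith(p[:-1])]
    if not globs:
        return set()  # no rule matches: default deny
    return policy[max(globs, key=len)]

if __name__ == "__main__":
    # "demo-key" is a hypothetical key name used only for this illustration.
    for name, hcl in (("peatio-rails", PEATIO_RAILS), ("finex-engine", FINEX_ENGINE)):
        policy = parse_policy(hcl)
        for op in ("encrypt", "decrypt", "sign", "keys"):
            path = f"transit/{op}/demo-key"
            print(f"{name:13} {path:26} {sorted(capabilities(policy, path))}")
```

The output shows the split of duties: `peatio-rails` has no rule covering `transit/decrypt/*` or `transit/sign/*`, and `finex-engine` gets only `read` on `transit/encrypt/*` and only `create` on `transit/keys/*`, because the more specific rule replaces the broader `transit/*` one.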

## Create ACL groups

```bash
vault policy write peatio-rails peatio-rails.hcl
vault policy write finex-engine finex-engine.hcl
```

## Create application tokens

```bash
vault token create -policy=peatio-rails -period=30m
vault token create -policy=finex-engine -period=30m
```

