This page (revision-26) was last changed on 23-Apr-2022 17:06 by Harry Metske

This page was created on 23-Apr-2022 17:05 by Harry Metske

Page revision history

Version | Date Modified | Size | Author
26 | 23-Apr-2022 17:06 | 30 KB | Harry Metske
25 | 23-Apr-2022 17:05 | 30 KB | Harry Metske
24 | 23-Apr-2022 17:05 | 30 KB | Harry Metske
23 | 23-Apr-2022 17:05 | 29 KB | Harry Metske
22 | 23-Apr-2022 17:05 | 29 KB | Harry Metske
21 | 23-Apr-2022 17:05 | 28 KB | Harry Metske

Version management

Difference between version and

At line 68 changed one line
curl -k --silent https://192.168.50.6:8844/info|jq '.["auth-server"].url' }}}
curl -k --silent https://192.168.50.6:8844/info|jq '.["auth-server"].url' -r
https://192.168.50.6:8443
}}}
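Review bot: Both variants of the curl line keep `-k`, so the auth-server URL it returns is read over a connection whose certificate is never checked. The page already extracts the CredHub CA with `bosh int creds.yml --path /credhub_tls/ca` for `credhub login`; passing that CA to curl with `--cacert` and dropping `-k` would make this lookup verifiable. The variant with `-r` on the jq call is the one to keep, since it yields the unquoted URL shown on the next line.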
At line 73 changed one line
uaac token client get uaa_admin -s $(cat <(bosh int creds.yml --path /uaa_admin_client_secret))
uaac token client get uaa_admin -s l128pcpdag6olta4ec1x # get this password from creds.yml#uaa_admin_client_secret
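Review bot: The variant with a literal value after `-s` publishes the uaa_admin client secret in the page text and its revision history, and the trailing comment confirms it was copied from creds.yml. Keep the form that reads the value at run time, simplified to `-s $(bosh int creds.yml --path /uaa_admin_client_secret)` because the `cat <( ... )` wrapper adds nothing, and treat the published value as exposed and rotate it if this environment is still in use.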
At line 99 added 2 lines
metskem@athena ~/workspace/boshlite/deployments/vbox
At line 101 removed 3 lines
%%collapsebox
__clients__
%%small
At line 163 removed 2 lines
%%
%%
At line 722 changed one line
metskem@athena-2 ~/workspace/boshlite/deployments/vbox uaac token client get credhub-admin -s $(bosh int creds.yml --path /credhub_admin_client_secret)
metskem@athena-2 ~/workspace/boshlite/deployments/vbox uaac token client get credhub-admin -s mtpsxo2s0igmjab6hntk
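Review bot: The variant with a literal value after `-s` publishes the credhub-admin client secret, which is the client used for the `credhub login` further down the page. The `$(bosh int creds.yml --path /credhub_admin_client_secret)` form keeps the value out of the wiki and should be the one that stays; the literal value should be considered exposed.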
At line 732 changed one line
metskem@athena-2 ~/workspace/boshlite/deployments/vbox credhub login -s https://192.168.50.6:8844 --ca-cert <(bosh int creds.yml --path /credhub_tls/ca) --skip-tls-validation --client-name credhub-admin --client-secret $(bosh int creds.yml --path /credhub_admin_client_secret)
metskem@athena-2 ~/workspace/boshlite/deployments/vbox credhub login -s https://192.168.50.6:8844 --ca-cert <(bosh int creds.yml --path /credhub_tls/ca) --skip-tls-validation --client-name credhub-admin --client-secret mtpsxo2s0igmjab6hntk
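Review bot: Both variants of `credhub login` pass `--ca-cert` and `--skip-tls-validation` together, so the CA taken from creds.yml is supplied while validation of the server certificate is explicitly skipped. Drop `--skip-tls-validation` and let `--ca-cert` do the verification. The variant ending in a literal `--client-secret` value also hard-codes the credhub-admin secret in the page; keep the `$(bosh int creds.yml --path /credhub_admin_client_secret)` form.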
At line 789 removed one line
! Finding creds
At line 791 removed 52 lines
Simply use the __credhub find__ with no arguments:
{{{
metskem@athena-2 ~/workspace/boshlite/deployments/vbox credhub find
credentials:
- name: /yy/sample-rsa
version_created_at: "2018-09-21T12:35:39Z"
- name: /xx/sample-rsa
version_created_at: "2018-09-21T12:35:34Z"
- name: /static/sample-rsa
version_created_at: "2018-09-21T12:25:52Z"
- name: /static/ssh_key
version_created_at: "2018-09-21T12:23:52Z"
}}}
! Exporting (backup) creds
Simply use the __credhub export__ command.
! Importing (restore) creds
Simply use the __credhub import__ command.\\
It does however complain about ssh-type entries:
{{{
Credential '/static/ssh_key' at index 8 could not be set: The request includes an unrecognized parameter 'public_key_fingerprint'. Please update or remove this parameter and retry your request.
}}}
! Test deploy and see if it works
We took the [gogs boshrelease|https://github.com/cloudfoundry-community/gogs-boshrelease] as a test case.
We uploaded the required stemcell and deployed with __bosh -n deploy -d gogs ~/workspace/gogs-boshrelease/manifests/gogs.yml__, this gogs.yml file has several secrets in it.\\
After deploying it simply works, and with the __credhub find__ command, you see that several entries were created:
{{{
metskem@athena-2 ~/workspace/boshlite/deployments/vbox/gogs: credhub find
credentials:
- name: /static/ssh_key
version_created_at: "2018-09-22T13:59:45Z"
- name: /static/sample-rsa
version_created_at: "2018-09-22T13:59:45Z"
- name: /xx/sample-rsa
version_created_at: "2018-09-22T13:59:45Z"
- name: /yy/sample-rsa
version_created_at: "2018-09-22T13:59:45Z"
- name: /Bosh_Lite_Director/gogs/postgres-password
version_created_at: "2018-09-22T13:59:45Z"
- name: /Bosh_Lite_Director/gogs/gogs-secret-key
version_created_at: "2018-09-22T13:59:45Z"
- name: /Bosh_Lite_Director/gogs/gogs-password
version_created_at: "2018-09-22T13:59:45Z"
- name: /Bosh_Lite_Director/gogs/gogs-ca
version_created_at: "2018-09-22T13:59:45Z"
- name: /Bosh_Lite_Director/gogs/gogs-tls
version_created_at: "2018-09-22T13:59:45Z"
}}}
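Review bot: In the import paragraph of this block, the quoted error shows `credhub import` refusing `/static/ssh_key` because of a `public_key_fingerprint` parameter, so export followed by import is not a complete restore for ssh-type entries even though both commands are introduced with "Simply use". The text should say how those entries are handled (the error itself advises updating or removing the parameter before retrying) and should state where the export output is kept, since it is a backup of the credential store.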