Keystore cluster based on Vault & Consul

For deployment details, see "Encrypted Storage of Sensitive Information" and "Consul-Based Service Discovery".

Vault + Consul configuration

Consul configuration, consul1.json:

{
  "datacenter": "cn-shanghai-b",
  "data_dir": "./consul",
  "log_level": "INFO",
  "node_name": "consul1",
  "server": true,
  "bootstrap_expect": 3,
  "rejoin_after_leave": true,
  "disable_host_node_id": true,
  "retry_join": ["vault2", "vault3"],
  "ui": true,
  "bind_addr": "172.16.2.240",
  "addresses": {
    "http": "0.0.0.0"
  },
  "ports": {},
  "services": [
    {
      "name": "vault",
      "port": 8200,
      "check": {
        "id": "vault1",
        "http": "http://vault1:8200",
        "tls_skip_verify": true,
        "interval": "10s",
        "timeout": "3s",
        "status": "passing"
      }
    }
  ]
}

Vault configuration, vault.hcl:

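# Store Vault data in Consul through the local agent, under the "vault" KV path.
storage "consul" {
  address = "127.0.0.1:8500"
  path    = "vault"
}

# API listener on all interfaces; tls_disable = 1 serves it over plain HTTP.
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}

# Do not lock process memory with mlock.
disable_mlock = 1
# Address advertised to clients for redirects.
api_addr = "http://vault:8200"
# Enable the web UI.
ui = true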
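
An added example, not part of the original post: a small Python check that flags the exposure-related settings in the two files above (plaintext listeners, a wildcard HTTP bind, missing gossip encryption and ACLs, a health check registered as passing). The embedded samples are constructed excerpts of those files, the function names and finding texts are illustrative, and the HCL reader assumes flat, one-level stanzas like the ones shown.

```python
import json

# Constructed excerpts: the security-relevant keys of the two files shown above.
CONSUL_JSON = '''{"addresses": {"http": "0.0.0.0"},
 "services": [{"name": "vault", "port": 8200, "check": {"id": "vault1",
   "http": "http://vault1:8200", "tls_skip_verify": true, "status": "passing"}}]}'''
VAULT_HCL = '''
listener "tcp" {
  tls_disable = 1
}
disable_mlock = 1
api_addr = "http://vault:8200"
'''

def audit_consul(text):  # text: Consul agent config as JSON; returns a list of findings
    cfg, out = json.loads(text), []
    if cfg.get("addresses", {}).get("http") == "0.0.0.0":
        out.append("consul: HTTP API bound to every interface")
    if "encrypt" not in cfg:
        out.append("consul: gossip traffic is not encrypted (no 'encrypt' key)")
    if not cfg.get("acl", {}).get("enabled"):
        out.append("consul: ACLs are not enabled")
    for chk in (s.get("check", {}) for s in cfg.get("services", [])):
        if chk.get("http", "").startswith("http://"):
            out.append(f"consul: check {chk.get('id')} probes over plaintext HTTP")
        if chk.get("status") == "passing":
            out.append(f"consul: check {chk.get('id')} is passing before its first probe")
    return out

def audit_vault(text):  # text: Vault server config (flat, one-level HCL); returns findings
    out, block = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and indentation
        key, sep, val = line.partition("=")
        if line.endswith("{"):
            block = line.split()[0]                  # e.g. "listener" or "storage"
        elif line == "}":
            block = None
        elif sep:
            key, val = key.strip(), val.strip().strip('"').lower()
            if block == "listener" and key == "tls_disable" and val in ("1", "true"):
                out.append("vault: listener serves the API without TLS")
            if block is None and key == "disable_mlock" and val in ("1", "true"):
                out.append("vault: mlock disabled, secrets in memory may be swapped to disk")
            if block is None and key == "api_addr" and val.startswith("http://"):
                out.append("vault: api_addr advertises a plaintext URL")
    return out

print("\n".join(audit_consul(CONSUL_JSON) + audit_vault(VAULT_HCL)))
```

Run against the full files, it reports the same eight findings, since the keys omitted from the excerpts do not affect any check.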
