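S3 storage backend causes Vault not initialized

Time: 2019-03-07 06:18:37

Tags: amazon-s3 hashicorp-vault

So I'm trying to see how to use S3 as a storage option for Vault. Running vault operator init gives me the keys and the token. It also creates the coresys directory in the bucket. But when I run vault operator unseal I get this error: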

Error unsealing: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/sys/unseal
Code: 400. Errors:

* Vault is not initialized

Just in case you're wondering, this is my bucket policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::[redacted]",
            "Condition": {
                "StringEquals": {
                    "aws:sourceVpc": "vpc-[redacted]"
                }
            }
        },
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::[redacted]",
                "arn:aws:s3:::[redacted]/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:sourceVpc": "vpc-[redacted]"
                }
            }
        }
    ]
}

This is my Vault config:

listener "tcp" {
    address     = "127.0.0.1:8200"
    tls_disable = 1
}

storage "s3" {
    access_key = "[redacted]"
    secret_key = "[redacted]"
    bucket     = "[redacted]/vault/"
    region     = "[redacted]"
}

api_addr          = "http://127.0.0.1:8200"
max_lease_ttl     = "10h"
default_lease_ttl = "10h"
ui                = false
disable_mlock     = false

I start the server with vault server -config=/etc/vault/config.hcl

0 answers:

No answers