An in-depth look at the security tool Vault, the Vault root token and unseal key, and the detailed steps for deploying Vault

 


1. An in-depth look at the security tool Vault


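Vault is an open-source tool for securely storing, managing and controlling access to secrets such as passwords, API tokens, security configuration and other sensitive data. Vault uses strong encryption and security-management techniques to protect these secrets, and provides secure access-control mechanisms for applications and services. The tool supports a range of cloud platforms and technology stacks and offers several API and CLI interfaces, which makes it easy to integrate and use. Its main features include centralized management, role assignment and permission control, auditing and logging, and dynamic keys that are continuously updated. These features have made Vault a security tool trusted by many developers and enterprises.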


2. What the Vault root token and unseal key mean and what they do


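The root token and the unseal key are important credentials for managing and protecting the encrypted data in Vault.

The root token is the highest-privilege credential in Vault. A user holding this token can perform any operation in Vault, including creating and deleting secrets, managing policies and configuring authentication. The root token must therefore be kept strictly confidential and used only when necessary.
The unseal key is an important credential for decrypting the encrypted data in Vault: it can be used to decrypt Vault's storage key, after which the secrets stored in Vault can be accessed. The unseal key must therefore also be kept strictly confidential, and is usually kept in cold storage to prevent unauthorized access and leakage. Use the unseal key only when necessary, for example during a recovery operation or when creating a new storage key.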

3. Deploying and starting Vault on CentOS 7


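Vault can be deployed and started on CentOS 7 with the following steps:

Download the Vault binary: it can be downloaded from the official website, or fetched with wget from Vault's GitHub page.

Install Vault: move the Vault binary to /usr/local/bin and make it executable.

Configure Vault: create a Vault configuration file under /etc that specifies the address and port Vault listens on and the path where Vault stores its data.

Start Vault: start the Vault service with the vault server command, which automatically reads the configuration file under /etc and starts the service.

Initialize Vault: run vault init to initialize Vault, which generates a Root Token and a set of Unseal Keys.

Unseal Vault: run vault unseal and enter the Unseal Key to unseal the Vault service.

Log in to Vault: run vault login and enter the Root Token to log in to Vault.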
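The configure, start, initialize, unseal and login steps above as one script, added here as an example and not taken from the original post. It passes the configuration file explicitly with -config and uses the spellings current releases give these commands, vault operator init and vault operator unseal; every path, the 5-share/3-threshold split and the function names are assumptions, and the certificate is assumed to be valid for 127.0.0.1.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: non-dev Vault bring-up.
# All paths, the 5/3 share split and the function names are assumptions.
set -euo pipefail

# Print a minimal server configuration: file storage and a TLS listener.
# $1 = data directory, $2 = TLS certificate, $3 = TLS private key
render_vault_config() {
  cat <<EOF
api_addr = "https://127.0.0.1:8200"

storage "file" {
  path = "$1"
}

listener "tcp" {
  address = "127.0.0.1:8200"
  tls_cert_file = "$2"
  tls_key_file = "$3"
}
EOF
}

# Write the configuration readable by its owner only; prints the file path.
# $1 = config directory, $2 = data directory, $3 = certificate, $4 = key
install_vault_config() {
  mkdir -p "$1" "$2"
  ( umask 077; render_vault_config "$2" "$3" "$4" > "$1/vault.hcl" )
  printf '%s\n' "$1/vault.hcl"
}

# Wait until the server answers. `vault status` exits 0 when unsealed,
# 2 when sealed (also the state before initialization), 1 on error.
wait_for_vault() {
  local rc i
  for i in $(seq 1 30); do
    rc=0
    vault status >/dev/null 2>&1 || rc=$?
    if [ "$rc" -eq 0 ] || [ "$rc" -eq 2 ]; then return 0; fi
    sleep 1
  done
  return 1
}

# Initialize, unseal and log in. Run once against a freshly started server.
# $1 = directory that receives init.json (unseal key shares + root token)
bootstrap_vault() {
  local i
  # 5 shares, any 3 unseal. The file holds every share and the root token:
  # hand the shares to separate custodians, then remove it from this host.
  ( umask 077
    vault operator init -key-shares=5 -key-threshold=3 -format=json \
      > "$1/init.json" )
  # Each call prompts for one share, so no key lands in shell history.
  for i in 1 2 3; do vault operator unseal; done
  vault status
  vault login   # prompts for the token instead of taking it as an argument
}

if [ "${1:-}" = "--run" ]; then
  # Assumption: the certificate below is valid for 127.0.0.1.
  export VAULT_ADDR=https://127.0.0.1:8200
  export VAULT_CACERT=/opt/vault/tls/tls.crt
  conf=$(install_vault_config /etc/vault-example /opt/vault/data \
           "$VAULT_CACERT" /opt/vault/tls/tls.key)
  vault server -config="$conf" &
  wait_for_vault
  bootstrap_vault "$HOME"
fi
```

Run without arguments it only defines the functions; `--run` performs the bring-up.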

 

4. Vault download location


Vault download location:

Official Vault download page
Choose the version to download

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo yum -y install vault

5. Installing Vault


Run the command:

sudo yum install -y yum-utils
sudo yum install -y yum-utils
Loaded plugins: fastestmirror, langpacks, priorities, versionlock
Determining fastest mirrors
epel | 4.7 kB 00:00:00
extras | 2.9 kB 00:00:00
hashicorp | 1.4 kB 00:00:00
os | 3.6 kB 00:00:00
pgdg-common/7/x86_64/signature | 198 B 00:00:00
pgdg-common/7/x86_64/signature | 2.9 kB 00:00:00 !!!
pgdg11/7/x86_64/signature | 198 B 00:00:00
pgdg11/7/x86_64/signature | 3.6 kB 00:00:00 !!!
pgdg12/7/x86_64/signature | 198 B 00:00:00
pgdg12/7/x86_64/signature | 3.6 kB 00:00:00 !!!
pgdg13/7/x86_64/signature | 198 B 00:00:00
pgdg13/7/x86_64/signature | 3.6 kB 00:00:00 !!!
pgdg14/7/x86_64/signature | 198 B 00:00:00
pgdg14/7/x86_64/signature | 3.6 kB 00:00:00 !!!
pgdg15/7/x86_64/signature | 198 B 00:00:00
pgdg15/7/x86_64/signature | 3.6 kB 00:00:00 !!!
updates | 2.9 kB 00:00:00
(1/2): pgdg-common/7/x86_64/primary_db | 181 kB 00:00:02
(2/2): hashicorp/7/x86_64/primary | 165 kB 00:00:05
hashicorp 1196/1196
Package yum-utils-1.1.31-54.el7_8.noarch already installed and latest version
Nothing to do


Run the command: sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo

sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
Loaded plugins: fastestmirror, langpacks, priorities, versionlock
adding repo from: https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
grabbing file https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo to /etc/yum.repos.d/hashicorp.repo
repo saved to /etc/yum.repos.d/hashicorp.repo

Run the command: sudo yum -y install vault

sudo yum -y install vault
Loaded plugins: fastestmirror, langpacks, priorities, versionlock
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package vault.x86_64 0:1.13.3-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================================================
Package Arch Version Repository Size
==================================================================================================================================================
Installing:
vault x86_64 1.13.3-1 hashicorp 92 M

Transaction Summary
==================================================================================================================================================
Install 1 Package

Total download size: 92 M
Installed size: 234 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
warning: /var/cache/yum/x86_64/7/hashicorp/packages/vault-1.13.3-1.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID a621e701: NOKEY00:00:00 ETA
Public key for vault-1.13.3-1.x86_64.rpm is not installed
vault-1.13.3-1.x86_64.rpm | 92 MB 00:00:24
Retrieving key from https://rpm.releases.hashicorp.com/gpg
Importing GPG key 0xA621E701:
Userid : "HashiCorp Security (HashiCorp Package Signing) <[email protected]>"
Fingerprint: 798a ec65 4e5c 1542 8c8e 42ee aa16 fcbc a621 e701
From : https://rpm.releases.hashicorp.com/gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : vault-1.13.3-1.x86_64 1/1Generating Vault TLS key and self-signed certificate...
Generating a 4096 bit RSA private key
.......................++
.................................................................................................++
writing new private key to 'tls.key'
-----
Vault TLS key and self-signed certificate have been generated in '/opt/vault/tls'.
Verifying : vault-1.13.3-1.x86_64 1/1

Installed:
vault.x86_64 0:1.13.3-1

Complete!

 

6. Starting Vault


Run the start command:

vault server -dev -dev-root-token-id="dev-only-token"
vault server -dev -dev-root-token-id="dev-only-token"
==> Vault server configuration:

Api Address: http://127.0.0.1:8200
Cgo: disabled
Cluster Address: https://127.0.0.1:8201
Environment Variables: CLASSPATH, FLINK_HOME, GODEBUG, HADOOP_HOME, HISTFILE, HISTSIZE, HISTTIMEFORMAT, HIVE_HOME, HOME, HOSTNAME, JAVA_HOME, LANG, LESSOPEN, LOGNAME, LS_COLORS, MAIL, MONGODB_HOME, MSSQL_HOME, PATH, PROMPT_COMMAND, PWD, PYTHON3_HOME, QT_GRAPHICSSYSTEM, QT_GRAPHICSSYSTEM_CHECKED, SHELL, SHLVL, SPARK_HOME, SUDO_COMMAND, SUDO_GID, SUDO_UID, SUDO_USER, TERM, TMOUT, USER, USERNAME, XDG_SESSION_ID, ZOOKEEP_HOME, _
Go Version: go1.20.4
Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level:
Mlock: supported: true, enabled: false
Recovery Mode: false
Storage: inmem
Version: Vault v1.13.3, built 2023-06-06T18:12:37Z
Version Sha: 3bedf816cbf851656ae9e6bd65dd4a67a9ddff5e

==> Vault server started! Log data will stream in below:

2023-06-19T10:38:19.735+0800 [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""
2023-06-19T10:38:19.735+0800 [WARN] no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set
2023-06-19T10:38:19.736+0800 [INFO] core: Initializing version history cache for core
2023-06-19T10:38:19.736+0800 [INFO] core: security barrier not initialized
2023-06-19T10:38:19.736+0800 [INFO] core: security barrier initialized: stored=1 shares=1 threshold=1
2023-06-19T10:38:19.737+0800 [INFO] core: post-unseal setup starting
2023-06-19T10:38:19.751+0800 [INFO] core: loaded wrapping token key
2023-06-19T10:38:19.751+0800 [INFO] core: successfully setup plugin catalog: plugin-directory=""
2023-06-19T10:38:19.751+0800 [INFO] core: no mounts; adding default mount table
2023-06-19T10:38:19.753+0800 [INFO] core: successfully mounted: type=cubbyhole version="v1.13.3+builtin.vault" path=cubbyhole/ namespace="ID: root. Path: "
2023-06-19T10:38:19.753+0800 [INFO] core: successfully mounted: type=system version="v1.13.3+builtin.vault" path=sys/ namespace="ID: root. Path: "
2023-06-19T10:38:19.754+0800 [INFO] core: successfully mounted: type=identity version="v1.13.3+builtin.vault" path=identity/ namespace="ID: root. Path: "
2023-06-19T10:38:19.755+0800 [INFO] core: successfully mounted: type=token version="v1.13.3+builtin.vault" path=token/ namespace="ID: root. Path: "
2023-06-19T10:38:19.756+0800 [INFO] rollback: starting rollback manager
2023-06-19T10:38:19.757+0800 [INFO] core: restoring leases
2023-06-19T10:38:19.758+0800 [INFO] expiration: lease restore complete
2023-06-19T10:38:19.758+0800 [INFO] identity: entities restored
2023-06-19T10:38:19.759+0800 [INFO] identity: groups restored
2023-06-19T10:38:19.759+0800 [INFO] core: Recorded vault version: vault version=1.13.3 upgrade time="2023-06-19 02:38:19.759135384 +0000 UTC" build date=2023-06-06T18:12:37Z
2023-06-19T10:38:19.981+0800 [INFO] core: post-unseal setup complete
2023-06-19T10:38:19.981+0800 [INFO] core: root token generated
2023-06-19T10:38:19.981+0800 [INFO] core: pre-seal teardown starting
2023-06-19T10:38:19.981+0800 [INFO] rollback: stopping rollback manager
2023-06-19T10:38:19.982+0800 [INFO] core: pre-seal teardown complete
2023-06-19T10:38:19.982+0800 [INFO] core.cluster-listener.tcp: starting listener: listener_address=127.0.0.1:8201
2023-06-19T10:38:19.982+0800 [INFO] core.cluster-listener: serving cluster requests: cluster_listen_address=127.0.0.1:8201
2023-06-19T10:38:19.982+0800 [INFO] core: post-unseal setup starting
2023-06-19T10:38:19.982+0800 [INFO] core: loaded wrapping token key
2023-06-19T10:38:19.982+0800 [INFO] core: successfully setup plugin catalog: plugin-directory=""
2023-06-19T10:38:19.983+0800 [INFO] core: successfully mounted: type=system version="v1.13.3+builtin.vault" path=sys/ namespace="ID: root. Path: "
2023-06-19T10:38:19.983+0800 [INFO] core: successfully mounted: type=identity version="v1.13.3+builtin.vault" path=identity/ namespace="ID: root. Path: "
2023-06-19T10:38:19.983+0800 [INFO] core: successfully mounted: type=cubbyhole version="v1.13.3+builtin.vault" path=cubbyhole/ namespace="ID: root. Path: "
2023-06-19T10:38:19.984+0800 [INFO] core: successfully mounted: type=token version="v1.13.3+builtin.vault" path=token/ namespace="ID: root. Path: "
2023-06-19T10:38:19.984+0800 [INFO] rollback: starting rollback manager
2023-06-19T10:38:19.984+0800 [INFO] core: restoring leases
2023-06-19T10:38:19.985+0800 [INFO] identity: entities restored
2023-06-19T10:38:19.985+0800 [INFO] identity: groups restored
2023-06-19T10:38:19.985+0800 [INFO] expiration: lease restore complete
2023-06-19T10:38:19.985+0800 [INFO] core: post-unseal setup complete
2023-06-19T10:38:19.985+0800 [INFO] core: vault is unsealed
2023-06-19T10:38:19.987+0800 [INFO] expiration: revoked lease: lease_id=auth/token/root/h272562f04a210e20b2b4d865e2a84db2d53929c149d30e4e06dcd93ebe88dbac
2023-06-19T10:38:19.989+0800 [INFO] core: successful mount: namespace="" path=secret/ type=kv version=""
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.

You may need to set the following environment variables:

$ export VAULT_ADDR='http://127.0.0.1:8200'

The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.

Unseal Key: DY/t5B7OSPzH1XZq5RJoEr0o7l4Ea5epNl9h0b/zaF4=
Root Token: dev-only-token

Development mode should NOT be used in production installations!


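As shown above, Vault started successfully; at this point Vault is installed and deployed.

Note the unseal key and root token printed on the command line, and store both of them securely: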

Unseal Key: DY/t5B7OSPzH1XZq5RJoEr0o7l4Ea5epNl9h0b/zaF4=
Root Token: dev-only-token

[root@mcw02 ~]# curl   https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo -o /etc/yum.
yum.conf     yum.repos.d/ 
[root@mcw02 ~]# curl   https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo -o /etc/yum.repos.d/hashicorp.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   381  100   381    0     0     54      0  0:00:07  0:00:06  0:00:01    86
[root@mcw02 ~]# yum -y install vault
Loaded plugins: fastestmirror
base                                                                                                                                            | 3.6 kB  00:00:00     
epel                                                                                                                                            | 4.3 kB  00:00:00     
extras                                                                                                                                          | 2.9 kB  00:00:00     
glusterfs                                                                                                                                       | 2.9 kB  00:00:00     
hashicorp                                                                                                                                       | 1.4 kB  00:00:00     
salt-3004-repo                                                                                                                                  | 2.9 kB  00:00:00     
selfmcw                                                                                                                                         | 2.9 kB  00:00:00     
updates                                                                                                                                         | 2.9 kB  00:00:00     
zabbix                                                                                                                                          | 2.9 kB  00:00:00     
zabbix-non-supported                                                                                                                            | 2.9 kB  00:00:00     
(1/6): epel/x86_64/group                                                                                                                        | 399 kB  00:00:00     
(2/6): extras/7/x86_64/primary_db                                                                                                               | 253 kB  00:00:00     
(3/6): epel/x86_64/updateinfo                                                                                                                   | 1.0 MB  00:00:01     
(4/6): hashicorp/7/x86_64/primary                                                                                                               | 243 kB  00:00:01     
(5/6): epel/x86_64/primary_db                                                                                                                   | 8.7 MB  00:00:10     
(6/6): updates/7/x86_64/primary_db                                                                                                              |  27 MB  00:00:33     
Determining fastest mirrors
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
hashicorp                                                                                                                                                    1762/1762
Resolving Dependencies
--> Running transaction check
---> Package vault.x86_64 0:1.16.2-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================================================================================
 Package                               Arch                                   Version                                  Repository                                 Size
=======================================================================================================================================================================
Installing:
 vault                                 x86_64                                 1.16.2-1                                 hashicorp                                 143 M

Transaction Summary
=======================================================================================================================================================================
Install  1 Package

Total download size: 143 M
Installed size: 402 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/hashicorp/packages/vault-1.16.2-1.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID a621e701: NOKEY] 7.2 MB/s | 141 MB  00:00:00 ETA 
Public key for vault-1.16.2-1.x86_64.rpm is not installed
vault-1.16.2-1.x86_64.rpm                                                                                                                       | 143 MB  00:00:25     
Retrieving key from https://rpm.releases.hashicorp.com/gpg
Importing GPG key 0xA621E701:
 Userid     : "HashiCorp Security (HashiCorp Package Signing) <[email protected]>"
 Fingerprint: 798a ec65 4e5c 1542 8c8e 42ee aa16 fcbc a621 e701
 From       : https://rpm.releases.hashicorp.com/gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : vault-1.16.2-1.x86_64                                                                                                                               1/1Generating Vault TLS key and self-signed certificate...
Generating a 4096 bit RSA private key
.......................................................................................................................................................++
............................................++
writing new private key to 'tls.key'
-----
Vault TLS key and self-signed certificate have been generated in '/opt/vault/tls'.
  Verifying  : vault-1.16.2-1.x86_64                                                                                                                               1/1 

Installed:
  vault.x86_64 0:1.16.2-1                                                                                                                                              

Complete!
[root@mcw02 ~]# vault server -dev -dev-root-token-id=“dev-only-token”
==> Vault server configuration:

Administrative Namespace: 
             Api Address: http://127.0.0.1:8200
                     Cgo: disabled
         Cluster Address: https://127.0.0.1:8201
   Environment Variables: HADOOP_HOME, HISTCONTROL, HISTIMEFORMAT, HISTSIZE, HOME, HOSTNAME, JAVA_HOME, LANG, LESSOPEN, LOGNAME, LS_COLORS, MAIL, PATH, PORMPT_COMMADN, PWD, SHELL, SHLVL, SSH_CLIENT, SSH_CONNECTION, SSH_TTY, TERM, USER, XDG_RUNTIME_DIR, XDG_SESSION_ID, _
              Go Version: go1.21.9
              Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", disable_request_limiter: "false", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
               Log Level: 
                   Mlock: supported: true, enabled: false
           Recovery Mode: false
                 Storage: inmem
                 Version: Vault v1.16.2, built 2024-04-22T16:25:54Z
             Version Sha: c6e4c2d4dc3b0d57791881b087c026e2f75a87cb

==> Vault server started! Log data will stream in below:

2024-05-21T08:40:29.857+0800 [INFO]  proxy environment: http_proxy="" https_proxy="" no_proxy=""
2024-05-21T08:40:29.857+0800 [INFO]  incrementing seal generation: generation=1
2024-05-21T08:40:29.857+0800 [WARN]  no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set
2024-05-21T08:40:29.857+0800 [INFO]  core: Initializing version history cache for core
2024-05-21T08:40:29.857+0800 [INFO]  events: Starting event system
2024-05-21T08:40:29.858+0800 [INFO]  core: security barrier not initialized
2024-05-21T08:40:29.858+0800 [INFO]  core: security barrier initialized: stored=1 shares=1 threshold=1
2024-05-21T08:40:29.858+0800 [INFO]  core: post-unseal setup starting
2024-05-21T08:40:29.873+0800 [INFO]  core: loaded wrapping token key
2024-05-21T08:40:29.873+0800 [INFO]  core: successfully setup plugin runtime catalog
2024-05-21T08:40:29.873+0800 [INFO]  core: successfully setup plugin catalog: plugin-directory=""
2024-05-21T08:40:29.873+0800 [INFO]  core: no mounts; adding default mount table
2024-05-21T08:40:29.874+0800 [INFO]  core: successfully mounted: type=cubbyhole version="v1.16.2+builtin.vault" path=cubbyhole/ namespace="ID: root. Path: "
2024-05-21T08:40:29.875+0800 [INFO]  core: successfully mounted: type=system version="v1.16.2+builtin.vault" path=sys/ namespace="ID: root. Path: "
2024-05-21T08:40:29.875+0800 [INFO]  core: successfully mounted: type=identity version="v1.16.2+builtin.vault" path=identity/ namespace="ID: root. Path: "
2024-05-21T08:40:29.878+0800 [INFO]  core: successfully mounted: type=token version="v1.16.2+builtin.vault" path=token/ namespace="ID: root. Path: "
2024-05-21T08:40:29.878+0800 [INFO]  rollback: Starting the rollback manager with 256 workers
2024-05-21T08:40:29.879+0800 [INFO]  core: restoring leases
2024-05-21T08:40:29.880+0800 [INFO]  expiration: lease restore complete
2024-05-21T08:40:29.880+0800 [INFO]  rollback: starting rollback manager
2024-05-21T08:40:29.880+0800 [INFO]  identity: entities restored
2024-05-21T08:40:29.880+0800 [INFO]  identity: groups restored
2024-05-21T08:40:29.881+0800 [INFO]  core: Recorded vault version: vault version=1.16.2 upgrade time="2024-05-21 00:40:29.881043663 +0000 UTC" build date=2024-04-22T16:25:54Z
2024-05-21T08:40:29.881+0800 [INFO]  core: post-unseal setup complete
2024-05-21T08:40:29.881+0800 [INFO]  core: root token generated
2024-05-21T08:40:29.881+0800 [INFO]  core: pre-seal teardown starting
2024-05-21T08:40:29.881+0800 [INFO]  rollback: stopping rollback manager
2024-05-21T08:40:29.881+0800 [INFO]  core: pre-seal teardown complete
2024-05-21T08:40:29.882+0800 [INFO]  core.cluster-listener.tcp: starting listener: listener_address=127.0.0.1:8201
2024-05-21T08:40:29.882+0800 [INFO]  core.cluster-listener: serving cluster requests: cluster_listen_address=127.0.0.1:8201
2024-05-21T08:40:29.882+0800 [INFO]  core: post-unseal setup starting
2024-05-21T08:40:29.882+0800 [INFO]  core: loaded wrapping token key
2024-05-21T08:40:29.882+0800 [INFO]  core: successfully setup plugin runtime catalog
2024-05-21T08:40:29.882+0800 [INFO]  core: successfully setup plugin catalog: plugin-directory=""
2024-05-21T08:40:29.883+0800 [INFO]  core: successfully mounted: type=system version="v1.16.2+builtin.vault" path=sys/ namespace="ID: root. Path: "
2024-05-21T08:40:29.883+0800 [INFO]  core: successfully mounted: type=identity version="v1.16.2+builtin.vault" path=identity/ namespace="ID: root. Path: "
2024-05-21T08:40:29.883+0800 [INFO]  core: successfully mounted: type=cubbyhole version="v1.16.2+builtin.vault" path=cubbyhole/ namespace="ID: root. Path: "
2024-05-21T08:40:29.884+0800 [INFO]  core: successfully mounted: type=token version="v1.16.2+builtin.vault" path=token/ namespace="ID: root. Path: "
2024-05-21T08:40:29.884+0800 [INFO]  rollback: Starting the rollback manager with 256 workers
2024-05-21T08:40:29.884+0800 [INFO]  core: restoring leases
2024-05-21T08:40:29.884+0800 [INFO]  identity: entities restored
2024-05-21T08:40:29.884+0800 [INFO]  identity: groups restored
2024-05-21T08:40:29.884+0800 [INFO]  core: post-unseal setup complete
2024-05-21T08:40:29.884+0800 [INFO]  core: vault is unsealed
2024-05-21T08:40:29.886+0800 [INFO]  expiration: revoked lease: lease_id=auth/token/root/h3514d1c95b4d2e0108dc129ebd305e12342b57fb544e4ccd978af76ebfdb3b5d
2024-05-21T08:40:29.930+0800 [INFO]  expiration: lease restore complete
2024-05-21T08:40:29.930+0800 [INFO]  rollback: starting rollback manager
2024-05-21T08:40:29.932+0800 [INFO]  core: successful mount: namespace="" path=secret/ type=kv version="v0.17.0+builtin"
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.

You may need to set the following environment variables:

    $ export VAULT_ADDR='http://127.0.0.1:8200'

The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.

Unseal Key: +sPbWdhzUK3Xr+s4SiW4Jvy7T7iGkW1rNsdTtCnXo78=
Root Token: “dev-only-token”

Development mode should NOT be used in production installations!

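It hangs here.

 

However, the port is already listening. Accessing port 8200 did not succeed; stop the hung process above. It is probably related to the IP address it was started on.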

[root@mcw02 ~]# netstat -lntup|grep vault
tcp        0      0 127.0.0.1:8200          0.0.0.0:*               LISTEN      1885/vault          
tcp        0      0 127.0.0.1:8201          0.0.0.0:*               LISTEN      1885/vault          
[root@mcw02 ~]# 

Record the information you need

Unseal Key: +sPbWdhzUK3Xr+s4SiW4Jvy7T7iGkW1rNsdTtCnXo78=
Root Token: “dev-only-token”

 

Stop it

^[[B^C==> Vault shutdown triggered
2024-05-21T08:51:12.026+0800 [INFO]  core: marked as sealed
2024-05-21T08:51:12.026+0800 [INFO]  core: pre-seal teardown starting
2024-05-21T08:51:12.026+0800 [INFO]  rollback: stopping rollback manager
2024-05-21T08:51:12.026+0800 [INFO]  core: pre-seal teardown complete
2024-05-21T08:51:12.026+0800 [INFO]  core: stopping cluster listeners
2024-05-21T08:51:12.026+0800 [INFO]  core.cluster-listener: forwarding rpc listeners stopped
2024-05-21T08:51:12.161+0800 [INFO]  core.cluster-listener: rpc listeners successfully shut down
2024-05-21T08:51:12.161+0800 [INFO]  core: cluster listeners successfully shut down
2024-05-21T08:51:12.161+0800 [INFO]  core: vault is sealed
[root@mcw02 ~]# 

[root@mcw02 ~]# netstat -lntup|grep vault
[root@mcw02 ~]#

 

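Vault runs as a client-server application. The Vault server is the only part of the Vault architecture that interacts with the data storage and the backends. All operations performed through the Vault CLI interact with the server over a TLS connection.

In this blog post, we start a Vault server running in development mode and interact with it.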

 

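1. Starting the dev server


Start a Vault server in development mode (a dev server). The dev server is a built-in, pre-configured server. It is not very secure, but it is useful for working with Vault locally.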

vault server -dev

The output looks like this:

vault server -dev
==> Vault server configuration:

Api Address: http://127.0.0.1:8200
Cgo: disabled
Cluster Address: https://127.0.0.1:8201
Environment Variables: CLASSPATH, FLINK_HOME, GODEBUG, HADOOP_HOME, HISTFILE, HISTSIZE, HISTTIMEFORMAT, HIVE_HOME, HOME, HOSTNAME, JAVA_HOME, LANG, LESSOPEN, LOGNAME, LS_COLORS, MAIL, MONGODB_HOME, MSSQL_HOME, PATH, PROMPT_COMMAND, PWD, PYTHON3_HOME, QT_GRAPHICSSYSTEM, QT_GRAPHICSSYSTEM_CHECKED, SHELL, SHLVL, SPARK_HOME, SUDO_COMMAND, SUDO_GID, SUDO_UID, SUDO_USER, TERM, TMOUT, USER, USERNAME, VAULT_ADDR, XDG_SESSION_ID, ZOOKEEP_HOME, _
Go Version: go1.20.4
Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level:
Mlock: supported: true, enabled: false
Recovery Mode: false
Storage: inmem
Version: Vault v1.13.3, built 2023-06-06T18:12:37Z
Version Sha: 3bedf816cbf851656ae9e6bd65dd4a67a9ddff5e

==> Vault server started! Log data will stream in below:

2023-06-19T13:14:08.399+0800 [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""
2023-06-19T13:14:08.399+0800 [WARN] no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set
2023-06-19T13:14:08.400+0800 [INFO] core: Initializing version history cache for core
2023-06-19T13:14:08.400+0800 [INFO] core: security barrier not initialized
2023-06-19T13:14:08.400+0800 [INFO] core: security barrier initialized: stored=1 shares=1 threshold=1
2023-06-19T13:14:08.401+0800 [INFO] core: post-unseal setup starting
2023-06-19T13:14:08.416+0800 [INFO] core: loaded wrapping token key
2023-06-19T13:14:08.416+0800 [INFO] core: successfully setup plugin catalog: plugin-directory=""
2023-06-19T13:14:08.416+0800 [INFO] core: no mounts; adding default mount table
2023-06-19T13:14:08.417+0800 [INFO] core: successfully mounted: type=cubbyhole version="v1.13.3+builtin.vault" path=cubbyhole/ namespace="ID: root. Path: "
2023-06-19T13:14:08.418+0800 [INFO] core: successfully mounted: type=system version="v1.13.3+builtin.vault" path=sys/ namespace="ID: root. Path: "
2023-06-19T13:14:08.418+0800 [INFO] core: successfully mounted: type=identity version="v1.13.3+builtin.vault" path=identity/ namespace="ID: root. Path: "
2023-06-19T13:14:08.420+0800 [INFO] core: successfully mounted: type=token version="v1.13.3+builtin.vault" path=token/ namespace="ID: root. Path: "
2023-06-19T13:14:08.420+0800 [INFO] rollback: starting rollback manager
2023-06-19T13:14:08.423+0800 [INFO] core: restoring leases
2023-06-19T13:14:08.425+0800 [INFO] expiration: lease restore complete
2023-06-19T13:14:08.426+0800 [INFO] identity: entities restored
2023-06-19T13:14:08.426+0800 [INFO] identity: groups restored
2023-06-19T13:14:08.426+0800 [INFO] core: Recorded vault version: vault version=1.13.3 upgrade time="2023-06-19 05:14:08.426587913 +0000 UTC" build date=2023-06-06T18:12:37Z
2023-06-19T13:14:08.696+0800 [INFO] core: post-unseal setup complete
2023-06-19T13:14:08.696+0800 [INFO] core: root token generated
2023-06-19T13:14:08.696+0800 [INFO] core: pre-seal teardown starting
2023-06-19T13:14:08.697+0800 [INFO] rollback: stopping rollback manager
2023-06-19T13:14:08.697+0800 [INFO] core: pre-seal teardown complete
2023-06-19T13:14:08.697+0800 [INFO] core.cluster-listener.tcp: starting listener: listener_address=127.0.0.1:8201
2023-06-19T13:14:08.697+0800 [INFO] core.cluster-listener: serving cluster requests: cluster_listen_address=127.0.0.1:8201
2023-06-19T13:14:08.697+0800 [INFO] core: post-unseal setup starting
2023-06-19T13:14:08.697+0800 [INFO] core: loaded wrapping token key
2023-06-19T13:14:08.697+0800 [INFO] core: successfully setup plugin catalog: plugin-directory=""
2023-06-19T13:14:08.698+0800 [INFO] core: successfully mounted: type=system version="v1.13.3+builtin.vault" path=sys/ namespace="ID: root. Path: "
2023-06-19T13:14:08.698+0800 [INFO] core: successfully mounted: type=identity version="v1.13.3+builtin.vault" path=identity/ namespace="ID: root. Path: "
2023-06-19T13:14:08.698+0800 [INFO] core: successfully mounted: type=cubbyhole version="v1.13.3+builtin.vault" path=cubbyhole/ namespace="ID: root. Path: "
2023-06-19T13:14:08.699+0800 [INFO] core: successfully mounted: type=token version="v1.13.3+builtin.vault" path=token/ namespace="ID: root. Path: "
2023-06-19T13:14:08.699+0800 [INFO] rollback: starting rollback manager
2023-06-19T13:14:08.699+0800 [INFO] core: restoring leases
2023-06-19T13:14:08.700+0800 [INFO] identity: entities restored
2023-06-19T13:14:08.700+0800 [INFO] identity: groups restored
2023-06-19T13:14:08.700+0800 [INFO] expiration: lease restore complete
2023-06-19T13:14:08.700+0800 [INFO] core: post-unseal setup complete
2023-06-19T13:14:08.700+0800 [INFO] core: vault is unsealed
2023-06-19T13:14:08.703+0800 [INFO] core: successful mount: namespace="" path=secret/ type=kv version=""
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.

You may need to set the following environment variables:

$ export VAULT_ADDR='http://127.0.0.1:8200'

The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.

Unseal Key: jp2vzZPjYufsXNsJsEFTuKHMJzvx2FvnC5M3H6+y3vc=
Root Token: hvs.WNSdITpoYX5HvRZWYyGjvZaj

Development mode should NOT be used in production installations!

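The dev server stores all of its data in memory (though still encrypted), listens on localhost without TLS, and automatically unseals and shows you the unseal key and the root access key.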
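Each of these properties, along with the loopback-only bind seen in the netstat output earlier, can be read off a captured startup banner. The check below is an added example, not part of the original post; the finding names are invented here and the sample banner is constructed from fields shown in the runs above. It also flags a root token containing characters outside the usual token alphabet, as in the earlier run where the typographic quotes became part of the token.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: read dev-mode properties off a
# captured `vault server` startup banner. Finding names are made up here.

# Reads banner/log text on stdin and prints one finding per line.
audit_vault_banner() {
  awk '
    /Listener [0-9]+:/ {
      # Plaintext listener: tokens and secrets cross the socket unencrypted.
      if ($0 ~ /tls: "disabled"/) print "LISTENER_NO_TLS"
      # Extract the bind address from: addr: "host:port"
      if (match($0, /addr: "[^"]+"/)) {
        addr = substr($0, RSTART + 7, RLENGTH - 8)
        if (addr ~ /^(127\.|localhost:|\[::1\])/)
          print "LISTENER_LOOPBACK_ONLY " addr
      }
    }
    # In-memory storage: everything is lost when the process stops.
    /Storage: *inmem/      { print "STORAGE_IN_MEMORY" }
    # One share with threshold one: a single key unseals the server.
    /shares=1 threshold=1/ { print "SINGLE_UNSEAL_SHARE" }
    /dev mode is enabled/  { print "DEV_MODE" }
    /^Root Token: / {
      tok = substr($0, 13)
      sub(/[ \t\r]+$/, "", tok)
      # Anything outside letters, digits, dot, underscore and hyphen
      # (for example pasted typographic quotes) is part of the token.
      if (tok !~ /^[A-Za-z0-9._-]+$/) print "ROOT_TOKEN_UNEXPECTED_CHARS"
    }
  '
}

# Constructed sample, modelled on the dev-mode output shown above.
sample_banner() {
  cat <<'EOF'
              Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", tls: "disabled")
                 Storage: inmem
2024-05-21T08:40:29.858+0800 [INFO]  core: security barrier initialized: stored=1 shares=1 threshold=1
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
Root Token: “dev-only-token”
EOF
}

sample_banner | audit_vault_banner
```

To audit a real start-up, pipe the captured output of the server into `audit_vault_banner`; an empty result means none of these indicators appeared.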

 

As above, it runs as a foreground process.

[root@mcw02 ~]# vault server -dev
==> Vault server configuration:

Administrative Namespace: 
             Api Address: http://127.0.0.1:8200
                     Cgo: disabled
         Cluster Address: https://127.0.0.1:8201
   Environment Variables: HADOOP_HOME, HISTCONTROL, HISTIMEFORMAT, HISTSIZE, HOME, HOSTNAME, JAVA_HOME, LANG, LESSOPEN, LOGNAME, LS_COLORS, MAIL, PATH, PORMPT_COMMADN, PWD, SHELL, SHLVL, SSH_CLIENT, SSH_CONNECTION, SSH_TTY, TERM, USER, XDG_RUNTIME_DIR, XDG_SESSION_ID, _
              Go Version: go1.21.9
              Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", disable_request_limiter: "false", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
               Log Level: 
                   Mlock: supported: true, enabled: false
           Recovery Mode: false
                 Storage: inmem
                 Version: Vault v1.16.2, built 2024-04-22T16:25:54Z
             Version Sha: c6e4c2d4dc3b0d57791881b087c026e2f75a87cb

==> Vault server started! Log data will stream in below:

2024-05-21T08:52:25.522+0800 [INFO]  proxy environment: http_proxy="" https_proxy="" no_proxy=""
2024-05-21T08:52:25.522+0800 [INFO]  incrementing seal generation: generation=1
2024-05-21T08:52:25.522+0800 [WARN]  no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set
2024-05-21T08:52:25.522+0800 [INFO]  core: Initializing version history cache for core
2024-05-21T08:52:25.522+0800 [INFO]  events: Starting event system
2024-05-21T08:52:25.522+0800 [INFO]  core: security barrier not initialized
2024-05-21T08:52:25.522+0800 [INFO]  core: security barrier initialized: stored=1 shares=1 threshold=1
2024-05-21T08:52:25.523+0800 [INFO]  core: post-unseal setup starting
2024-05-21T08:52:25.537+0800 [INFO]  core: loaded wrapping token key
2024-05-21T08:52:25.537+0800 [INFO]  core: successfully setup plugin runtime catalog
2024-05-21T08:52:25.538+0800 [INFO]  core: successfully setup plugin catalog: plugin-directory=""
2024-05-21T08:52:25.538+0800 [INFO]  core: no mounts; adding default mount table
2024-05-21T08:52:25.539+0800 [INFO]  core: successfully mounted: type=cubbyhole version="v1.16.2+builtin.vault" path=cubbyhole/ namespace="ID: root. Path: "
2024-05-21T08:52:25.540+0800 [INFO]  core: successfully mounted: type=system version="v1.16.2+builtin.vault" path=sys/ namespace="ID: root. Path: "
2024-05-21T08:52:25.541+0800 [INFO]  core: successfully mounted: type=identity version="v1.16.2+builtin.vault" path=identity/ namespace="ID: root. Path: "
2024-05-21T08:52:25.543+0800 [INFO]  core: successfully mounted: type=token version="v1.16.2+builtin.vault" path=token/ namespace="ID: root. Path: "
2024-05-21T08:52:25.543+0800 [INFO]  rollback: Starting the rollback manager with 256 workers
2024-05-21T08:52:25.544+0800 [INFO]  rollback: starting rollback manager
2024-05-21T08:52:25.544+0800 [INFO]  core: restoring leases
2024-05-21T08:52:25.545+0800 [INFO]  identity: entities restored
2024-05-21T08:52:25.545+0800 [INFO]  identity: groups restored
2024-05-21T08:52:25.545+0800 [INFO]  core: Recorded vault version: vault version=1.16.2 upgrade time="2024-05-21 00:52:25.545806587 +0000 UTC" build date=2024-04-22T16:25:54Z
2024-05-21T08:52:25.546+0800 [INFO]  core: post-unseal setup complete
2024-05-21T08:52:25.546+0800 [INFO]  core: root token generated
2024-05-21T08:52:25.546+0800 [INFO]  core: pre-seal teardown starting
2024-05-21T08:52:25.546+0800 [INFO]  expiration: lease restore complete
2024-05-21T08:52:25.557+0800 [INFO]  rollback: stopping rollback manager
2024-05-21T08:52:25.557+0800 [INFO]  core: pre-seal teardown complete
2024-05-21T08:52:25.557+0800 [INFO]  core.cluster-listener.tcp: starting listener: listener_address=127.0.0.1:8201
2024-05-21T08:52:25.557+0800 [INFO]  core.cluster-listener: serving cluster requests: cluster_listen_address=127.0.0.1:8201
2024-05-21T08:52:25.557+0800 [INFO]  core: post-unseal setup starting
2024-05-21T08:52:25.557+0800 [INFO]  core: loaded wrapping token key
2024-05-21T08:52:25.557+0800 [INFO]  core: successfully setup plugin runtime catalog
2024-05-21T08:52:25.557+0800 [INFO]  core: successfully setup plugin catalog: plugin-directory=""
2024-05-21T08:52:25.558+0800 [INFO]  core: successfully mounted: type=system version="v1.16.2+builtin.vault" path=sys/ namespace="ID: root. Path: "
2024-05-21T08:52:25.559+0800 [INFO]  core: successfully mounted: type=identity version="v1.16.2+builtin.vault" path=identity/ namespace="ID: root. Path: "
2024-05-21T08:52:25.559+0800 [INFO]  core: successfully mounted: type=cubbyhole version="v1.16.2+builtin.vault" path=cubbyhole/ namespace="ID: root. Path: "
2024-05-21T08:52:25.560+0800 [INFO]  core: successfully mounted: type=token version="v1.16.2+builtin.vault" path=token/ namespace="ID: root. Path: "
2024-05-21T08:52:25.560+0800 [INFO]  rollback: Starting the rollback manager with 256 workers
2024-05-21T08:52:25.560+0800 [INFO]  core: restoring leases
2024-05-21T08:52:25.561+0800 [INFO]  expiration: lease restore complete
2024-05-21T08:52:25.561+0800 [INFO]  rollback: starting rollback manager
2024-05-21T08:52:25.561+0800 [INFO]  identity: entities restored
2024-05-21T08:52:25.561+0800 [INFO]  identity: groups restored
2024-05-21T08:52:25.561+0800 [INFO]  core: post-unseal setup complete
2024-05-21T08:52:25.561+0800 [INFO]  core: vault is unsealed
2024-05-21T08:52:25.564+0800 [INFO]  core: successful mount: namespace="" path=secret/ type=kv version="v0.17.0+builtin"
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.

You may need to set the following environment variables:

    $ export VAULT_ADDR='http://127.0.0.1:8200'

The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.

Unseal Key: PCgwWZQZ91BLne/Xh8yIekhgrJzu38p/LqPNr8ndlDo=
Root Token: hvs.HPHBPfqKpbOUKJFOqTvdXPT6

Development mode should NOT be used in production installations!

 

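2. Set the environment variables


Start a new terminal session.

Copy the export VAULT_ADDR … command from the terminal output and run it. This configures the Vault client to talk to the dev server.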

export VAULT_ADDR='http://127.0.0.1:8200'

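The Vault CLI uses the VAULT_ADDR environment variable to determine which Vault server to send requests to.

Save the unseal key somewhere. Don't worry about how to save it securely. For now, just save it anywhere.

Set the VAULT_TOKEN environment variable to the generated root token value shown in the terminal output.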

export VAULT_TOKEN="hvs.6j4cuewowBGit65rheNoceI7"

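To interact with Vault, you must provide a valid token. Setting this environment variable is one way to provide the token to Vault through the CLI. The authentication tutorial covers using the vault login <token_value> command to authenticate with Vault.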

 

3. Verify the server is running


Verify that the server is running by running the vault status command. If it succeeds, the output should look like this:

vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.13.3
Build Date      2023-06-06T18:12:37Z
Storage Type    inmem
Cluster Name    vault-cluster-488bbee6
Cluster ID      6fd0289e-dd56-af7f-c188-6f8ea08e3f2e
HA Enabled      false

[root@mcw02 ~]# netstat -lntup|grep vault
tcp        0      0 127.0.0.1:8200          0.0.0.0:*               LISTEN      1945/vault          
tcp        0      0 127.0.0.1:8201          0.0.0.0:*               LISTEN      1945/vault          
[root@mcw02 ~]# vault status
WARNING! VAULT_ADDR and -address unset. Defaulting to https://127.0.0.1:8200.
Error checking seal status: Get "https://127.0.0.1:8200/v1/sys/seal-status": http: server gave HTTP response to HTTPS client
[root@mcw02 ~]# export VAULT_ADDR='http://127.0.0.1:8200'
[root@mcw02 ~]# export VAULT_TOKEN="hvs.HPHBPfqKpbOUKJFOqTvdXPT6"
[root@mcw02 ~]# vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.16.2
Build Date      2024-04-22T16:25:54Z
Storage Type    inmem
Cluster Name    vault-cluster-85e02789
Cluster ID      b6561f47-7fed-1417-6998-59962ec7c23e
HA Enabled      false
[root@mcw02 ~]# 

 

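4. Summary of vault commands


When Vault runs in dev mode, the Key/Value v2 secrets engine is enabled at the secret/ path. The Key/Value secrets engine is a generic key-value store used to store arbitrary secrets within the physical storage configured for Vault. Secrets written to Vault are encrypted and then written to the backend storage. The backend storage mechanism therefore never sees the unencrypted value and does not have the means to decrypt it without Vault.

The Key/Value secrets engine has versions 1 and 2. The difference is that v2 provides versioning of secrets and v1 does not.

Use the vault kv [options] [args] command to interact with the K/V secrets engine.

Available subcommands: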

 

 

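1. Write a secret


Now use the vault kv put command to write a key-value secret to the path hello, with key foo and value world, under the mount path secret, which is where the KV v2 secrets engine is mounted. This command creates a new version of the secret and replaces any pre-existing data at the path, if there is any.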

 

[root@mcw02 ~]# vault kv put -mount=secret hello foo=world
== Secret Path ==
secret/data/hello

======= Metadata =======
Key                Value
---                -----
created_time       2024-05-21T01:28:12.539206785Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            1
[root@mcw02 ~]# 
[root@mcw02 ~]# vault kv put -mount=secret hello foo=world excited=yes
== Secret Path ==
secret/data/hello

======= Metadata =======
Key                Value
---                -----
created_time       2024-05-21T01:28:37.306367454Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            2
[root@mcw02 ~]# 
[root@mcw02 ~]# ls /data/
gv0  gv1  gv2  gv3
[root@mcw02 ~]# 

 

Note that version is now 2.

 

2. Read a secret


As you might expect, secrets can be retrieved with vault kv get.

[root@mcw02 ~]# vault kv get -mount=secret hello
== Secret Path ==
secret/data/hello

======= Metadata =======
Key                Value
---                -----
created_time       2024-05-21T01:28:37.306367454Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            2

===== Data =====
Key        Value
---        -----
excited    yes
foo        world
[root@mcw02 ~]# 

 

Vault returns the latest version of the secret at secret/hello (version 2 in this case).

To print only the value of a given field, use the -field=<key_name> flag.

[root@mcw02 ~]# vault kv get -mount=secret -field=excited hello
yes
[root@mcw02 ~]# 


The optional JSON output is very useful for scripting. For example, you can use the jq tool to extract the value of the excited secret.

[root@mcw02 ~]# vault kv get -mount=secret -format=json hello 
{
  "request_id": "6805e2fb-2728-bc42-14ac-c4284bb23adc",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "data": {
      "excited": "yes",
      "foo": "world"
    },
    "metadata": {
      "created_time": "2024-05-21T01:28:37.306367454Z",
      "custom_metadata": null,
      "deletion_time": "",
      "destroyed": false,
      "version": 2
    }
  },
  "warnings": null,
  "mount_type": "kv"
}
[root@mcw02 ~]# vault kv get -mount=secret -format=json hello  | jq -r .data.data.excited
yes
[root@mcw02 ~]# 

 


3. Delete a secret


Now that you have learned how to read and write a secret, let's go on to delete it. You can do this with the vault kv delete command.

[root@mcw02 ~]# vault kv delete -mount=secret hello
Success! Data deleted (if it existed) at: secret/data/hello
[root@mcw02 ~]#


Try to read the secret you just deleted.

[root@mcw02 ~]# vault kv get -mount=secret hello
== Secret Path ==
secret/data/hello

======= Metadata =======
Key                Value
---                -----
created_time       2024-05-21T01:28:37.306367454Z
custom_metadata    <nil>
deletion_time      2024-05-21T01:33:11.09269757Z
destroyed          false
version            2

[root@mcw02 ~]#


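The output shows only the metadata, which now has a deletion_time. Once the secret is deleted, the data itself is no longer shown. Note that the destroyed parameter is false, which means that you can recover the deleted data if the deletion was unintentional.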

[root@mcw02 ~]# vault kv undelete -mount=secret -versions=2 hello
Success! Data written to: secret/undelete/hello
[root@mcw02 ~]# 


The data is now restored.

[root@mcw02 ~]# vault kv get -mount=secret hello
== Secret Path ==
secret/data/hello

======= Metadata =======
Key                Value
---                -----
created_time       2024-05-21T01:28:37.306367454Z
custom_metadata    <nil>
deletion_time      n/a
destroyed          false
version            2

===== Data =====
Key        Value
---        -----
excited    yes
foo        world
[root@mcw02 ~]# 
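The delete and undelete steps above hinge on two metadata fields, deletion_time and destroyed. The following is an added example, not code from the original post or from the Vault project: it classifies a version from the JSON that vault kv get -format=json prints and reports whether the value is still recoverable. The sample document is constructed from the values shown on this page, the function names are hypothetical, and it assumes a deletion_time in the future means a scheduled deletion (as the KV v2 delete_version_after setting produces).

```python
import json
from datetime import datetime, timezone

# Constructed sample: the JSON shape printed on this page, with the
# deletion_time from the post-delete metadata shown above filled in.
SAMPLE_DELETED = """
{"data": {"data": null,
          "metadata": {"created_time": "2024-05-21T01:28:37.306367454Z",
                       "custom_metadata": null,
                       "deletion_time": "2024-05-21T01:33:11.09269757Z",
                       "destroyed": false, "version": 2}}}
"""

def parse_vault_time(ts):
    """Parse Vault's UTC timestamp; nanoseconds are truncated to microseconds."""
    base, _, frac = ts.rstrip("Z").partition(".")
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return dt.replace(microsecond=int((frac + "000000")[:6]))

def version_state(doc, now=None):
    """Classify one KV v2 version as 'live', 'soft-deleted' or 'destroyed'."""
    meta = doc["data"]["metadata"]
    if meta["destroyed"]:
        return "destroyed"  # payload is gone; undelete cannot bring it back
    deleted_at = meta.get("deletion_time") or ""  # "" means never deleted
    if not deleted_at:
        return "live"
    now = now or datetime.now(timezone.utc)
    # Assumption: a future deletion_time is a scheduled deletion, still readable.
    return "soft-deleted" if parse_vault_time(deleted_at) <= now else "live"

def still_recoverable(doc, now=None):
    """True while the value can be read or restored with vault kv undelete."""
    return version_state(doc, now) != "destroyed"

if __name__ == "__main__":
    doc = json.loads(SAMPLE_DELETED)
    print(version_state(doc), still_recoverable(doc))
```

A soft-deleted version still holds the secret value in storage, so removing a leaked credential for good takes vault kv destroy rather than vault kv delete.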

 

 

 

 

 

 

 



 

 

 


Original link: https://blog.csdn.net/zhengzaifeidelushang/article/details/131283430

Original link: https://blog.csdn.net/zhengzaifeidelushang/article/details/131286740

Original link: https://blog.csdn.net/zhengzaifeidelushang/article/details/131287041

https://blog.csdn.net/zhengzaifeidelushang/article/details/131287833

https://blog.csdn.net/zhengzaifeidelushang/article/details/131291390

 
