0
b2plane
218d

PLEASE i understand how it works but how is hashicorp vault supposed to be used?

Not to mention how should i use it for production? Literally no dipshit tutorial explains it. Everyone explains the vault server -dev part and thats it. Fuck you

Every time i restart the vault server all of the secrets and config get deleted. And then i have to re-add them all over again?

How is vault supposed to work in terraform?

How can I automate storing secrets in vault instead of manually doing it?

How to automate starting vault server by a single command along with provisioning secrets and parameters?

How to store iam credentials from ~/.aws/credentials into vault by profile AUTOMATICALLY as soon as vault server is started?

Because if my backend depends on some secret from vault, how am i supposed to automatically have these secrets created so i can just run my backend without worrying which secrets i have to recreate because the restart of vault server deletes all the fucking secrets in dev mode?

How do i use this bullshit?

- Every guide explains it partially
- No guide explains how to 100% automate it
- every dipshit youtube video explains it poorly
- NO ONE explains how to configure it for production.

I am so Fucking lost in learning this bullshit.

Can someone give me a link to a repo of a working example of the things i just mentioned? Either you create it or send an existing link cause i cant find any.

Basically i just want to use Terraform and Vault together but i cant understand how to combine them together so that its all automated 100% -- for example i just want to do

terraform apply --auto-approve

And then the entire terraform aws gets provisioned + vault server starts AND gets provisioned with secrets.

How to do that?

Comments
  • 2
    I told you before.

    You cannot learn this on the job.

    Tutorials will never explain how to get to a senior level.

    Being a senior comes from breaking down brick walls from banging your head against them.

    You are trying to take shortcuts. It's gonna end badly.

    But ... not my problem, I guess.
  • 0
    @CoreFusionX what are you talking about? Im learning vault on my own for my own project. Im banging my head through the bricks. Im asking for explanation while doing it
  • 1
    @b2plane

    Please don't.

    In your OP, you've said "how ..." a dozen times.

    You've called people instructing such dipshits, or otherwise complained they do not magically convey to you their years of experience.

    *it does not work like that*.

    No tutorial, no YouTube video, no blog article can transfer actual experience.

    Asking gets you to junior level. For senior level you need to start being able to figure shit out on your own.

    Sure, you lash because this is "for your own project".

    You have admitted earlier that you intend to "learn in the job" on a senior DevOps position.

    Judging by this attitude, it's gonna end badly.

    And while I don't think anyone sensible here would think so, I'm *not* trying to smother you down, I'm trying to educate you into what you are going to find if you insist on selling yourself as a rockstar developer.
  • 0
    If only, because "asking for explanation" is not really "banging your head through it", it's climbing your personal Everest with rope and oxygen Sherpas left there for you.

    Sure, maybe you can summit. One mistake and, will you survive?
  • 3
    If anything, if guides explained 100% how to fucking deploy shit in production, why would any company prefer you over any other rando?

    They could learn 100% just like you.

    Be thankful it's not that way. Take your job seriously. *LEARN*

    God, I feel like Nanos now, and it's not a good feeling.
  • 0
    @CoreFusionX i Am learning it. What do you think im doing? On my personal project im trying to integrate as much stuff as possible to learn through practical project experience. I can figure it out on my own and find a solution. Already did. But im not sure if thats the correct way to do it. Basically i built my own bash script to automate this shit by starting the vault server and inserting aws iam credentials there by just running that script. Is that a good solution?

    Or should i start vault through docker and configure it that way, is that a good solution? But in that case its impossible to read aws credentials and apply to docker parameters since its a vm container

    I can do shit on my own but if i do stuff that im not very familiar with on my own then chances are that it will work but at what cost? Because what if thats a wrong way to implement it

    Im asking questions here to know whats the right way to do it. You dont have to jump on my head. Just answer the questions
  • 0
    Or should i configure vault with terraform and that way insert credentials and start vault server is that a good solution? (3rd solution) as you can see there are several ways to solve this problem and im not sure whats the correct way out of 100s
  • 1
    @b2plane

    No. We shouldn't just "answer the questions". *this is not stackoverflow*. By all means, break shit. LEARN from that.

    What I'm trying to say is that no one is gonna hold your hand to becoming a senior. Only YOU can become a senior.

    And, now this is a serious warning. Do not expect to just "learn this on the job". By your own admission in this very thread, you don't have the expertise for a senior role in this field.

    If you take the job and something goes awfully wrong, you *can* and *will* be held liable, because a junior can get away with it. A senior can't. (And you might even be prosecuted and convicted)

    And that will forever ruin your career in this field, because, like in every job where you have admin powers, your most valuable asset is trust.
  • 2
    I'm not in charge of the Vault as part of the product but this is how we use it:

    We use Vault as an on-premise service deployed in K8s. It is using PVs (persistent volumes) in order to have persistence between restarts/shutdowns etc. The vault is initialized by a custom-made script which puts some default values for all the passwords which come from a config file; we refer to this process as a Day 0 operation. Afterwards the customers/system administrators are expected to update and change service passwords on their own, which is known as a Day 1 operation.
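
The Day 0 / Day 1 split described in the last comment, as an added example that is not the commenter's script or anything posted in the thread: a seeding function that writes defaults from a config file only where no secret exists yet, so re-running it after a restart never overwrites passwords changed on Day 1. It assumes Vault runs on persistent storage (not `vault server -dev`, which keeps everything in memory), a KV engine mounted at `secret/`, `VAULT_ADDR` and `VAULT_TOKEN` already exported, and a hypothetical defaults file with one `<path> <key>=<value>` entry per line.

```shell
#!/bin/sh
# Added example: idempotent Day 0 seeding. Not the commenter's script.
# Assumed: KV engine at "secret/", VAULT_ADDR and VAULT_TOKEN exported,
# and a hypothetical defaults file with one "<path> <key>=<value>" per line.

# seed_defaults FILE -> prints "<created> <skipped>"
# The body runs in a subshell, so its variables do not leak to the caller.
seed_defaults() (
    created=0
    skipped=0
    while read -r path kv; do
        # Ignore blank lines and "#" comments in the defaults file.
        case $path in '' | '#'*) continue ;; esac
        if vault kv get "secret/$path" >/dev/null 2>&1; then
            # Already present (possibly changed on Day 1): leave it alone.
            skipped=$((skipped + 1))
        else
            # Missing: write the default. A sealed server or invalid token
            # makes this write fail as well, and the run aborts.
            vault kv put "secret/$path" "$kv" >/dev/null || exit 1
            created=$((created + 1))
        fi
    done < "$1"
    echo "$created $skipped"
)

# Run against a file when one is given: ./seed.sh defaults.conf
if [ "$#" -eq 1 ]; then
    seed_defaults "$1"
fi
```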