MEDLab/crypto-wake
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
crypto-wake/files/docs/apps/vault.md
Nathan Schneider 11c6212fb7 Initial commit
2021-03-14 16:34:32 -06:00

36 lines
1.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# <img src="/img/vault-logo.png" width="25px"> Vault App
## About
Vault is a tool for secrets management, encryption as a service, and privileged access management.
* Questions? Ask in the [Cloudron Forum - Vault](https://forum.cloudron.io/category/94/vault)
* [Vault Website](https://www.vaultproject.io/)
* [Vault community](https://www.vaultproject.io/community)
* [Vault issue tracker](https://github.com/hashicorp/vault/issues)
## Setup
On first visit, you can generate the keys for the vault by specifying the number
of shares and the threshold. The idea is that a master key is generated and split
into the number of shares. To unlock the vault, you must provide atleast threshold count
of the parts. See [this blog](https://shadow-soft.com/vault-auto-unseal/) for a full
explanation on how Vault uses Shamirs secret sharing algorithm.
## Unsealing
Vault stores all the secrets in memory. It uses the mlock capability of the kernel to
prevent swapping. When the app restarts or the server restarts, it must be unsealed using
the keys that were generated during setup. This is by Vault design.
## LDAP
After the Vault is unsealed, you can run the following command to enable Cloudron authentication.
```
/app/pkg/enable-ldap.sh <root-token>
```
The root token is part of the keys generated during setup.
Reference in New Issue View Git Blame Copy Permalink