
Last pushed: a year ago
Creates self-signed certs for Logstash, inserts into Vault.

Sitch Self-Signed Seeder

A task for generating self-signed crypto material for Logstash and injecting it into Vault.

Designed for use with SITCH Sensor Mk3

You'll need the following environment variables set:

Variable        Purpose
--------        -------
VAULT_URL       URL for vault server
VAULT_TOKEN     Root token for vault
LS_CLIENTNAME   CN for Logstash client
LS_SERVERNAME   CN for Logstash server

Here's the skinny: Run this task with the right creds and you'll be returned
the following on stdout:

  • logstash server vault token
  • logstash client vault token

These will give you access to the credentials auto-generated by this tool and
inserted into your Vault. The paths for accessing these credentials are:

Path            Purpose
----            -------
/server/cert    Logstash server certificate
/server/key     Logstash server key
/client/ca      CA certificate for client
/client/cert    Logstash client certificate
/client/key     Logstash client key

The first portion of the path represents the token required to access the
credential.

This goes into your SITCH sensor and Logstash server configuration. Using this
will allow a rapid re-key of your log delivery infrastructure. Create a new
Vault and kick this off. When it completes, place the tokens in your delivery
system (a resin.io application environment variable for the sensor, and whatever
your container orchestration system is for the Logstash server). Then restart
your Logstash server container and Resin application with the new credentials.
Voilà.
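
An added example, not part of the SITCH project's code: one way a start-up script for the Logstash server or the sensor could use its token to read the paths listed above and write them to disk. The `secret` mount, the `value` field name and the injectable `opener` are assumptions; the `/v1/...` read endpoint and the `X-Vault-Token` header are Vault's standard HTTP API.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

# Paths from the table above; the first segment names the token that reads them.
PATHS = {
    "server": ["/server/cert", "/server/key"],
    "client": ["/client/ca", "/client/cert", "/client/key"],
}

def build_request(vault_url, role, token, path, mount="secret"):
    """Build a Vault read request for one credential path.

    Assumption (not from the page): secrets sit under the `mount`
    secrets engine, so the API path is /v1/<mount><path>.
    """
    if urlsplit(vault_url).scheme != "https":
        raise ValueError("VAULT_URL must be https: the token travels in a header")
    if path not in PATHS.get(role, ()):
        raise ValueError(f"{path} is not readable with the {role} token")
    url = f"{vault_url.rstrip('/')}/v1/{mount}{path}"
    return urllib.request.Request(url, headers={"X-Vault-Token": token})

def fetch_all(vault_url, role, token, out_dir, mount="secret",
              field="value", opener=urllib.request.urlopen):
    """Fetch every credential for `role`; write each to out_dir with mode 0600.

    `field` is the assumed key holding the PEM text inside the secret's data.
    """
    written = []
    for path in PATHS[role]:
        req = build_request(vault_url, role, token, path, mount)
        with opener(req) as resp:
            pem = json.load(resp)["data"][field]
        dest = os.path.join(out_dir, path.strip("/").replace("/", "-") + ".pem")
        # Open with 0600 and re-assert it, so a pre-existing file is tightened too.
        fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        os.fchmod(fd, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(pem)
        written.append(dest)
    return written
```

Call `fetch_all` with the role's token from its environment variable before Logstash starts; after a re-key, the same call with the new token replaces the files in place.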

Owner: sitch
