Using Vault to check the .env files on the server

From PheonixSolutions

Prerequisite

  1. Server root login credentials.

Step1:

Log in to the Jenkins server.

Step2:

Set the VAULT_ADDR environment variable with the export command so that the vault CLI knows which Vault server to contact.

 export VAULT_ADDR=https://vault.pheonixsolutions.com

Step3:

Log in to Vault using the command below.

 vault login hvs.sVSsmi7weDE8LjOkf6atDKzF

Step4:

List the entries under kv in Vault.

 vault list kv

Step5:

jq is needed to format the output. Install it on the Ubuntu server with the command below.

 sudo apt install jq

Step6:

Run the command below. It prints the secret in .env format (one KEY=VALUE pair per line) on the server.

 vault kv get -format=json internal/dsmv1stagingapi.milta.be | jq -r '.data.data | to_entries | map("\(.key)=\(.value)")[]'

Configure with a Jenkins job

Step1:

  1. Log in to Jenkins.
  2. Go to the dashboard.
  3. Open New Item, or open an existing job.

Step2:

Enter the domain, or any other name that identifies the job.

Step3:

If you are creating a new item, skip the option and click OK.

Step4:

Go to the Build Environment section and select the Vault plugin.

After selecting the Vault plugin, enter the Vault URL and the Vault credentials.

Step5:

Go to Build Steps, add an Execute shell step, and use the commands below. These steps and commands are just a reference.

 # Set Vault environment variables
 export VAULT_ADDR="https://vault.pheonixsolutions.com"
 export VAULT_TOKEN="hvs.sVSsmi7weDE8LjOkf6atDKzF"
 # Retrieve secrets from Vault and format the output
 VAULT_RESPONSE=$(vault kv get -format=json internal/vault-secrets-test | jq -r '.data.data')
 # Check the retrieved response
 echo "Vault Response: $VAULT_RESPONSE"
 # Extract values from the Vault response
 DB_NAME=$(echo "$VAULT_RESPONSE" | jq -r '.DB_NAME')
 DB_Pass=$(echo "$VAULT_RESPONSE" | jq -r '.DB_Pass')
 DB_User=$(echo "$VAULT_RESPONSE" | jq -r '.DB_User')
 MONGODB_URI=$(echo "$VAULT_RESPONSE" | jq -r '.MONGODB_URI')
 PORT=$(echo "$VAULT_RESPONSE" | jq -r '.PORT')
 # ... Extract other secrets as needed
 # Display the extracted values (for debugging)
 echo "DB_NAME: $DB_NAME"
 echo "DB_Pass: $DB_Pass"
 echo "DB_User: $DB_User"
 echo "MONGODB_URI: $MONGODB_URI"
 echo "PORT: $PORT"
 # ... Display other extracted secrets
 # Copy secrets to the target server
 echo "DB_NAME=$DB_NAME" > /tmp/.env
 echo "DB_Pass=$DB_Pass" >> /tmp/.env
 echo "DB_User=$DB_User" >> /tmp/.env
 echo "MONGODB_URI=$MONGODB_URI" >> /tmp/.env
 echo "PORT=$PORT" >> /tmp/.env
 # ... Add other secrets to the .env file
 rsync -av /tmp/.env root@18.192.251.31:/home/ubuntu/test-valut/
 # Clean up temporary .env file
 rm /tmp/.env

Step6:

Go to post-build actions and click Save.

Step7:

  1. Click Build with Parameters.
  2. Select the branch.
  3. Click Build.

Step8:

Go to the console output and check whether the build succeeded. This output is just a reference.

 [milta-terminal-test-valut] $ /bin/sh -xe /tmp/jenkins17184586663359071995.sh
 + export VAULT_ADDR=https://vault.pheonixsolutions.com
 + export VAULT_TOKEN=hvs.sVSsmi7weDE8LjOkf6atDKzF
 + jq -r .data.data
 + vault kv get -format=json internal/vault-secrets-test
 + VAULT_RESPONSE={
 "DB_NAME": "miltatest",
 "DB_Pass": "1234567890",
 "DB_User": "miltauser",
 "MONGODB_URI": "\"mongodb://localhost:27017\"",
 "PORT": "3000"
 }
 + echo Vault Response: {
 "DB_NAME": "miltatest",
 "DB_Pass": "1234567890",
 "DB_User": "miltauser",
 "MONGODB_URI": "\"mongodb://localhost:27017\"",
 "PORT": "3000"
 }
 Vault Response: {
 "DB_NAME": "miltatest",
 "DB_Pass": "1234567890",
 "DB_User": "miltauser",
 "MONGODB_URI": "\"mongodb://localhost:27017\"",
 "PORT": "3000"
 }
 + jq -r .DB_NAME
 + echo {
 "DB_NAME": "miltatest",
 "DB_Pass": "1234567890",
 "DB_User": "miltauser",
 "MONGODB_URI": "\"mongodb://localhost:27017\"",
 "PORT": "3000"
 }
 + DB_NAME=miltatest
 + jq -r .DB_Pass
 + echo {
 "DB_NAME": "miltatest",
 "DB_Pass": "1234567890",
 "DB_User": "miltauser",
 "MONGODB_URI": "\"mongodb://localhost:27017\"",
 "PORT": "3000"
 }
 + DB_Pass=1234567890
 + jq -r .DB_User
 + echo {
 "DB_NAME": "miltatest",
 "DB_Pass": "1234567890",
 "DB_User": "miltauser",
 "MONGODB_URI": "\"mongodb://localhost:27017\"",
 "PORT": "3000"
 }
 + DB_User=miltauser
 + jq -r .MONGODB_URI
 + echo {
 "DB_NAME": "miltatest",
 "DB_Pass": "1234567890",
 "DB_User": "miltauser",
 "MONGODB_URI": "\"mongodb://localhost:27017\"",
 "PORT": "3000"
 }
 + MONGODB_URI="mongodb://localhost:27017"
 + jq -r .PORT
 + echo {
 "DB_NAME": "miltatest",
 "DB_Pass": "1234567890",
 "DB_User": "miltauser",
 "MONGODB_URI": "\"mongodb://localhost:27017\"",
 "PORT": "3000"
 }
 + PORT=3000
 + echo DB_NAME: miltatest
 DB_NAME: miltatest
 + echo DB_Pass: 1234567890
 DB_Pass: 1234567890
 + echo DB_User: miltauser
 DB_User: miltauser
 + echo MONGODB_URI: "mongodb://localhost:27017"
 MONGODB_URI: "mongodb://localhost:27017"
 + echo PORT: 3000
 PORT: 3000
 + echo DB_NAME=miltatest
 + echo DB_Pass=1234567890
 + echo DB_User: miltauser
 + echo MONGODB_URI: "mongodb://localhost:27017"
 + echo PORT: 3000
 + rsync -av /tmp/.env root@18.192.251.31:/home/ubuntu/test-valut/
 sending incremental file list
 .env
 sent 214 bytes received 35 bytes 99.60 bytes/sec
 total size is 108 speedup is 0.43
 + rm /tmp/.env
 Finished: SUCCESS
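
The Step6 jq command and the Step5 build script both turn the Vault JSON into KEY=VALUE lines, and the console output above shows every secret value ending up in the Jenkins log. As an added example (not part of the original page or the job's own script), the same rendering can be done in one pass that rejects unsafe keys and values, writes the file with mode 600, and logs only key names; the function names `render_env` and `write_env_file` and the sample JSON are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the page's job script. Builds a .env file from the JSON
# printed by `vault kv get -format=json <path>` without echoing secret values.

# Constructed sample of a KV v2 response so the example runs without Vault.
SAMPLE_JSON='{"data":{"data":{"DB_NAME":"miltatest","MONGODB_URI":"mongodb://localhost:27017","PORT":"3000"}}}'

# render_env: read Vault JSON on stdin, print one KEY=VALUE line per secret.
# Exits non-zero with no output if the secret is empty, a key is not a valid
# variable name, or a value contains a line break (which would let one value
# inject extra lines into the .env file).
render_env() {
  jq -e -r '
    .data.data
    | to_entries
    | if any(.[]; (.key | test("^[A-Za-z_][A-Za-z0-9_]*$") | not)
                  or (.value | tostring | test("[\r\n]")))
      then error("unsafe key or value")
      else map("\(.key)=\(.value)")[]
      end'
}

# write_env_file DEST: read Vault JSON on stdin and install it at DEST.
# The content goes to a mode-600 temp file beside DEST first, so a failed
# render never leaves a partial or world-readable .env behind.
write_env_file() {
  dest=$1
  tmp=$(umask 077; mktemp "${dest}.XXXXXX") || return 1
  if render_env > "$tmp"; then
    mv "$tmp" "$dest"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Demo on the constructed sample: log the key names only, never the values.
demo_dir=$(mktemp -d)
printf '%s' "$SAMPLE_JSON" | write_env_file "$demo_dir/.env" \
  && cut -d= -f1 "$demo_dir/.env"
rm -rf "$demo_dir"
```

In the build step this would be used as `vault kv get -format=json internal/vault-secrets-test | write_env_file ./.env`, with the resulting file copied to the target server as in the original script.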