updated for 016 of secrets bridge (#293)

2016-09-22 17:25:26 -07:00 · 2016-09-22 17:25:26 -07:00 · f8bb75fe05
commit f8bb75fe05
parent 2d4a62d559
3 changed files with 4 additions and 52 deletions
--- a/templates/secrets-bridge-agents/0/docker-compose.yml
+++ b/templates/secrets-bridge-agents/0/docker-compose.yml
@ -1,5 +1,5 @@
 secrets-bridge:
-    image: rancher/secrets-bridge:v0.1.5
+    image: rancher/secrets-bridge:v0.1.6
    command: agent --bridge-url ${BRIDGE_URL}
    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
--- a/templates/secrets-bridge-server/0/README.md
+++ b/templates/secrets-bridge-server/0/README.md
@ -1,8 +1,4 @@
-## Secrets Bridge Server (Experimental)
---
-###Status: Experimental POC (Read: Do NOT use for production) 
-Only works with Hashicorp Vault server in dev mode currently.
-
+## Secrets Bridge Server (Beta)
 ---
 #### Description: 
  This is the server side component for the Vault Secrets bridge with Rancher. This service should *NOT* be deployed in the same environment as user applications. It will have access to Vault, and compromising it will give the person access to *ALL* secrets available in that environment. It should instead be run in an environment reserved for the team operating Rancher.
@ -13,47 +9,3 @@ Only works with Hashicorp Vault server in dev mode currently.

 See [setup guide](https://github.com/rancher/secrets-bridge/blob/master/docs/setup.md)
  
-#### Pre-reqs:
-
-A Vault server in Dev mode.
-
-Create Vault Policies and Roles for at least the Issuing token. 
-Something like:
-
-```
-  vault policy-write grantor-Default ./policies/grantor-Default
-  vault policy-write test1 ./policies/test1
-  vault policy-write test2 ./policies/test2
-```
-
-
-```
-curl -s -X POST -H "X-Vault-Token: ${VAULT_TOKEN}" -d '{"allowed_policies": "default,grantor,test1,test2"}' http://vault/v1/auth/token/roles/grantor-Default
-```
-
-#### Configure and Launch:
- 1. Create a token to be used to issue new tokens in the environment. As part of the "meta" on the token add a field called `configPath` and set that equal to a path in the secrets folder in Vault. (like `/secrets/secrets-bridge/Default`)
-
-
-  ```
-curl -s -X POST -H "X-Vault-Token: $ROOT_TOKEN" ${VAULT_URL}/v1/auth/token/create/grantor-Default -d '{"policies": ["default", "grantor", "test1", "test2"], "ttl": "72h", "meta": {"configPath": "secret/secrets-bridge/Default"}}' | jq -r '.auth.client_token'
-  ```
-
- 
- 2. Create a temporary token with (2) uses.
-
-  ```
-  curl -s -H "X-Vault-Token: $ROOT_TOKEN" ${VAULT_URL}/v1/auth/token/create -d '{"policies": ["default"], "ttl": "15m", "num_uses": 2}'|jq -r '.auth.client_token'
-  ```
- 
- 3. Use the temporary token to put the issuing token into the Vault cubbyhole.
-
-    ```
- curl -X POST -H "X-Vault-Token: ${TEMP_TOKEN}" ${VAULT_URL}/v1/cubbyhole/Default -d "{\"permKey\": \"${PERM_TOKEN}\"}"
-    ```
- 
- 4. Create Cattle API keys for the environment this server will be handling. (Would recommend 1 server per environment)
- 
- 5. Launch this app with all of the configs.
- 
-
--- a/templates/secrets-bridge-server/0/docker-compose.yml
+++ b/templates/secrets-bridge-server/0/docker-compose.yml
@ -1,5 +1,5 @@
 secrets-bridge:
-    image: rancher/secrets-bridge:v0.1.5
+    image: rancher/secrets-bridge:v0.1.6
    environment:
        CATTLE_ACCESS_KEY: ${CATTLE_ACCESS_KEY}
        CATTLE_SECRET_KEY: ${CATTLE_SECRET_KEY}