Пример конфигурации секретов для SecMan#

Для интеграции с SecMan подготовьте JSON-файлы с конфигурацией:

Примечание:

Имя JSON-файла может быть произвольным.

Конфигурация JSON-файла для kintsugi#

Пример конфигурации:

{
  "managed_databases": {
      "force_root_cert.secret": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwIBAgIJ\n-----END CERTIFICATE-----"
  },
  "collector": {
    "monitoring_database.secret": "postgres",
    "monitoring_login.secret": "postgres",
    "monitoring_password.secret": "password"
  },
  "elastic": {
    "password": "kintsugi",
    "user": "elastic"
  },
  "tsdbmon": {
    "client_cert.secret": "-----BEGIN CERTIFICATE-----\nMIICozCCAYsCCQCWXJS7hb+w6DANBgkqhk\n-----END CERTIFICATE-----",
    "client_key.secret": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0\n-----END PRIVATE KEY-----",
    "passfile.secret": "10.xx.xx.xx:5555:example_passfile.secret:password",
    "root_cert.secret": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwIBAgIJAIUlgU1\n-----END CERTIFICATE-----"
  },
  "repository": {
    "client_cert.secret": "-----BEGIN CERTIFICATE-----\nMIICozCCAYsCCQCWXJS7hb+w6DANBgkqh\n-----END CERTIFICATE-----",
    "client_key.secret": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG\n-----END PRIVATE KEY-----",
    "repository_password.secret": "password",
    "root_cert.secret": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwIBAgIJAIUlgU1YC\n-----END CERTIFICATE-----",
    "secret.pem": "secret",
    "ssl_password.secret": "passphrase"
  },
  "victoria_metrics": {
    "auth.secret": "user:user"
  }
}

Конфигурация JSON-файла для istio#

Пример конфигурации:

{
  "egress": {
    "istio-egressgateway-ca-certs-ca.crt": "-----BEGIN CERTIFICATE-----\nMIIDeDCCAmCgAwIBAgIBATANBgkq=\n-----END CERTIFICATE-----\n\n-----BEGIN CERTIFICATE-----\nMIIEjjCCAvagAwIBAgIBATANBg\n-----END CERTIFICATE-----",
    "istio-egressgateway-certs-tls.crt": "-----BEGIN CERTIFICATE-----\nMIIEzDCCAzSgAwIBAgICBIUwDQYJ\n-----END CERTIFICATE-----",
    "istio-egressgateway-certs-tls.key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCB\n-----END PRIVATE KEY-----"
  },
  "ingress": {
    "istio-ingressgateway-ca-certs-ca.crt": "-----BEGIN CERTIFICATE-----\nMIIDeDCCAmCgAwIBAgIBATA\n-----END CERTIFICATE-----\n\n-----BEGIN CERTIFICATE-----\nMIIEjjCCAvagAwIBAgIBATANBgkqhkiG9w0BAQsFAD\n-----END CERTIFICATE-----",
    "istio-ingressgateway-certs-tls.crt": "-----BEGIN CERTIFICATE-----\nMIIEzDCCAzSgAwIBAgICBIUwDQYJKoZ\n-----END CERTIFICATE-----",
    "istio-ingressgateway-certs-tls.key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgE-----END PRIVATE KEY-----"
  },
  "ott": {
    "certstore_private_key_pwd": "password",
    "certstore_pwd": "password",
    "kintsugi.p12": "MIIH5AIBAzCCB50GCSqGSIb3DQEHAaCCB4",
    "trust_store_pwd": "password",
    "truststore.p12": "MIIMrgIBAzCCDGcGCSqGSIb3DQEHAaCCDFgEggxUMIIMUDCC"
  }
}