Update EGI vault address and documentation tuning

0b281f42 · František Dvořák · e0c23a68 · 0b281f42
Commit 0b281f42 authored May 29, 2024 by František Dvořák
--- a/README.md
+++ b/README.md
@@ -9,20 +9,22 @@ Notebooks.

 Prepare environment for interrating with Hashicorp Vault:

-    export VAULT_ADDR=https://vault.services.fedcloud.eu:8200
+    export VAULT_ADDR=https://secrets.egi.eu

 Login:

-    # get the service token
-    read OIDC_ACCESS_TOKEN
+    # optional (values from environment)
+    # read CLIENT_ID CLIENT_SECRET
+    # export CLIENT_ID CLIENT_SECRET

    # login to vault
-    export VAULT_TOKEN=$(vault write auth/jwt/login jwt=$OIDC_ACCESS_TOKEN | grep -Po 'token\s+\K[^\s]+$')
+    ./vault-login.py

-Note: values were created as admin by commands (replace $SECRET\_NAME and $VALUE):
+Note: example commands to create secrets for "eosc-dev":

    prefix=/users/e1662e20-e34b-468c-b0ce-d899bc878364@egi.eu/eosc-dev
-    vault kv put -mount secrets $prefix/nexus_admin_password/$SECRET_NAME value=$VALUE
+    vault kv put -mount secrets $prefix/FEDCLOUD_DYNAMIC_DNS $HOST1=$SECRET1 $HOST2=$SECRET2
+    vault kv put -mount secrets $prefix/deployment-hub checkin_host=... client_id=... client_secret=...

 ## Sites