This repository is a streamlined systemd setup for automating password rotation with HashiCorp Vault.

Prerequisites:
- A running HashiCorp Vault server instance (inbound TCP port 8200 to Vault).
- Seth Vargo's vault-secrets-gen plugin, installed and configured.
- A version 2 K/V secrets backend mounted at systemcreds:

```
vault secrets enable -version=2 -path=systemcreds/ kv
```

Write the two policies and create a periodic token for the rotation service:

```
vault policy write policy-service-linux-rotate policies/policy-service-linux-rotate.hcl
vault policy write policy-systemcreds-linux policies/policy-systemcreds-linux.hcl
vault token create -period 960h -policy policy-service-linux-rotate -display-name service-linux-rotate
```

Install the package:

```
dnf install painless-password-rotation
```

Set the Vault address and token in /etc/sysconfig/vault-rotate:

```
VAULT_ADDR="https://your_vault.server.com:8200"
VAULT_TOKEN="hvs.my-vault-token"
```
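
Because /etc/sysconfig/vault-rotate holds a live Vault token, it is worth checking the file before the service is started. The script below is an added example, not part of this repository; the function name `audit_vault_rotate_env` and its three checks (owner-only permissions, an https address, a token that is not the placeholder) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): audit the environment file that
# holds the Vault token. Exit status 0 = all checks pass, 1 = a finding.
# The body runs in a subshell "( ... )", so variables stay local and "exit"
# only ends the function.
audit_vault_rotate_env() (
    file="${1:-/etc/sysconfig/vault-rotate}"
    rc=0
    [ -f "$file" ] || { echo "FAIL: $file not found" >&2; exit 1; }

    # The file carries a live token: group and other must have no access.
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $file is accessible beyond its owner (chmod 600)" >&2
        rc=1
    fi

    # Extract the values with sed instead of sourcing (sourcing executes the file).
    addr=$(sed -n 's/^VAULT_ADDR="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$file" | tail -n 1)
    token=$(sed -n 's/^VAULT_TOKEN="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$file" | tail -n 1)

    case "$addr" in
        https://*) ;;
        *) echo "FAIL: VAULT_ADDR '$addr' is not https" >&2; rc=1 ;;
    esac
    case "$token" in
        ""|hvs.my-vault-token)
            echo "FAIL: VAULT_TOKEN is empty or still the placeholder" >&2; rc=1 ;;
    esac
    exit "$rc"
)

# Constructed sample: a copy that still carries the placeholder token.
sample=$(mktemp)
printf '%s\n' 'VAULT_ADDR="https://your_vault.server.com:8200"' \
              'VAULT_TOKEN="hvs.my-vault-token"' > "$sample"
chmod 600 "$sample"
audit_vault_rotate_env "$sample" || echo "findings reported; fix before starting the timer"
rm -f "$sample"
```

Called with no argument, the function checks /etc/sysconfig/vault-rotate itself.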

Start the service, then enable and start the timer:

```
systemctl start rotate-password.service
systemctl enable rotate-password.timer
systemctl start rotate-password.timer
```