You'll need the following environment variables set:

Variable | Purpose |
---|---|
VAULT_URL | URL for Vault server |
VAULT_TOKEN | Root token for Vault |
LS_CLIENTNAME | CN for Logstash client |
LS_SERVERNAME | CN for Logstash server |

Here's the skinny: Run this task with the right creds and it will print the following on stdout:
- Logstash server Vault token
- Logstash client Vault token
These tokens give you access to the credentials auto-generated by this tool and inserted into your Vault. The paths for accessing these credentials are:

Path | Purpose |
---|---|
/server/cert | Logstash server certificate |
/server/key | Logstash server key |
/client/ca | CA certificate for client |
/client/cert | Logstash client certificate |
/client/key | Logstash client key |

The first portion of the path represents the token required to access the credential.
This goes into your sitch sensor and logstash server configuration. Using this will allow a rapid re-key of your log delivery infrastructure. Create a new Vault and kick this off. When it completes, place the tokens in your delivery system (resin.io application environment variable for the sensor, and whatever your container orchestration system is for the Logstash server). Then restart your Logstash server container and Resin application with the new credentials. Voila.
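Reading the generated credentials back out with the returned tokens, as an added example (not part of this project's code). It assumes the paths in the table are used as-is under Vault's `/v1` HTTP API prefix and that each secret keeps its PEM text in a field named `value`; `LS_CLIENT_TOKEN` is a hypothetical variable name for the client token printed on stdout.

```python
import json
import os
import urllib.request

# Paths from the table above; the first path segment names the token that reads it.
PATHS = {
    "server": ["/server/cert", "/server/key"],
    "client": ["/client/ca", "/client/cert", "/client/key"],
}

def token_for(path, tokens):
    """Pick the token by the first path segment ("server" or "client")."""
    role = path.strip("/").split("/", 1)[0]
    if role not in tokens:
        raise KeyError(f"no token supplied for role {role!r} (path {path})")
    return tokens[role]

def extract_value(body, field="value"):
    # Assumption: the secret's PEM text is stored under a field named "value".
    return body["data"][field]

def read_secret(vault_url, path, token):
    """GET <vault_url>/v1<path>, sending the token in the X-Vault-Token header."""
    url = vault_url.rstrip("/") + "/v1" + path
    req = urllib.request.Request(url, headers={"X-Vault-Token": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return extract_value(json.load(resp))

def write_private(filename, pem):
    """Write with mode 0600, also tightening a file that already exists."""
    fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # O_CREAT's mode is ignored for pre-existing files
    with os.fdopen(fd, "w") as fh:
        fh.write(pem)

def fetch_role(vault_url, role, tokens, outdir):
    """Fetch every credential for one role, e.g. client-ca.pem, client-key.pem."""
    for path in PATHS[role]:
        pem = read_secret(vault_url, path, token_for(path, tokens))
        name = path.strip("/").replace("/", "-") + ".pem"
        write_private(os.path.join(outdir, name), pem)

if __name__ == "__main__":
    # LS_CLIENT_TOKEN is a hypothetical variable holding the client token.
    fetch_role(os.environ["VAULT_URL"], "client",
               {"client": os.environ["LS_CLIENT_TOKEN"]}, ".")
```

The sensor side only ever needs the client token, so a sensor that is compromised cannot read the server key.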