Show Table of Contents
25.6. Storing a Common Secret for Multiple Users
This section shows how an administrator can create a shared vault and allow other users to access the secret in the vault. The administrator archives a common password into the vault, and the other users are able to retrieve the password on any machine in the domain.
This section includes these procedures:
In the procedures:
shared_vaultis the vault used to store the common passwordadminis the administrator who creates the shared vault- the vault type is
standard, so that accessing the archived password does not require the user to provide a vault password secret.txtis the file containing the common secretuser1anduser2are the users allowed to access the vault
25.6.1. Creating the Shared Vault with the Common Secret
Create a shared vault and use it to store the common secret. Add the users who will be accessing the secret as vault members. The vault type is standard, which ensures any user accessing the secret will not be required to authenticate.
- Log in as the administrator:
$ kinit admin
- Create the shared vault:
$ ipa vault-add shared_vault --shared --type standard --------------------------- Added vault "shared_vault" --------------------------- Vault name: shared_vault Type: standard Owner users: admin Shared vault: True
- Archive the secret into the vault. Add the
--sharedoption to specify that the vault is in the shared container:$ ipa vault-archive shared_vault --shared --in secret.txt ----------------------------------- Archived data into vault "shared_vault" -----------------------------------
Note
One vault can only store one secret. - Add
user1anduser2as vault members:ipa vault-add-member shared_vault --shared --users={user1,user2} Vault name: shared_vault Type: standard Owner users: admin Shared vault: True Member users: user1, user2 ------------------------- Number of members added 2 -------------------------
25.6.2. Retrieving a Secret from a Shared Vault as a Member User
Log in as a member user of the vault, and export the file with the secret from the vault.
- Log in as the
user1member user:$ kinit user1
- Retrieve the secret from the shared vault:
$ ipa vault-retrieve shared_vault --shared --out secret_exported.txt ----------------------------------------- Retrieved data from vault "shared_vault" -----------------------------------------
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.