forked from Sasano63/vault-k8s-demo-python-mysql-webapp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path12_transform_ssn_setup.sh
executable file
·25 lines (21 loc) · 1.04 KB
/
12_transform_ssn_setup.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
#!/bin/sh
set -o xtrace
export VAULT_ADDR=http://localhost:30000
export VAULT_TOKEN=root
export VAULT_NAMESPACE=dev
#enable the transform secret engine
vault secrets enable -path=data_protection/transform transform
#Define a rol ssn with transformation ssn
vault write data_protection/transform/role/ssn transformations=ssn
#create a transformation of type fpe using built in template for social security number and assign role ssn to it that we created earlier
vault write data_protection/transform/transformation/ssn type=fpe template=builtin/socialsecuritynumber tweak_source=internal allowed_roles=ssn
#test if the transformation was created successfully
vault list data_protection/transform/transformation
vault read data_protection/transform/transformation/ssn
#test if you are able to transform a SSN
vault write data_protection/transform/encode/ssn value=111-22-3333
#test decode with following statements
#export VAULT_ADDR=http://localhost:8200
#export VAULT_TOKEN=root
#export VAULT_NAMESPACE=dev
#vault write data_protection/transform/decode/ssn value=