vault

Overview of the Issue

Hello,

consul tls ca create creates a private key file that is world-readable.

Instead, it should create it with permissions 0600, to reduce the possibility of information disclosure (and subsequent elevation of privilege).

Details

What I did

$ consul tls ca create
==> Saved consul-agent-ca.pem
==> Saved consul-agent-ca-key.pem

W

Consul Template version

consul-template v0.25.0 (99efa64)

Configuration

Config: test.hcl

log_level = debug

template {
  contents = "{{ key \"hello\" }}"
  destination = "hello.txt"
  exec {
    command = "cat hello.txt"
  }
}

template {
  contents = "{{ key \"sleep\" }}"
  destination = "sleep.txt"
  exec {
    command = "sleep 2s"
    timeout = "4s"
 

I wanted to suggest this because I just started using this thing to document my own charts: https://github.com/norwoodj/helm-docs

Its trivial to use, just install the tool, use its comment syntax in your Chart.yaml and values.yaml and your done! You can customize it, but so far I haven't needed to use my own templating for it, just let it read the chart.yaml and values.yaml. It has examples in

Is your feature request related to a problem? Please describe.
Vault has backends for AWS like dynamo and s3. However to use them you should provide credentials. AWS support 2 solutions to eliminate this. IAM roles for Service Accounts and Instance profile roles.
Due to some unknown reason vault requires more time to start when using dynamic creds than explicit definition keys in s3 block o

So there is currently an hvac.v1.Client.sys.list_mounted_secrets_engines() method.

However, for obvious reasons this will fail as it will attempt to list all mounted secrets engines (as it calls /v1/sys/mounts).

The web UI, however, shows what mounts the current token has access to.

While poking around the live API documentation the other day (`VAULT_BASE_URI/ui/vault/api-explorer

Currently pressing ctrl+c while scans are going on we get a big traceback.
It would be nice if we can handle that traceback and print something nice like Canceled by the user or something similar.

Read this to understand how to do it properly.