update
All checks were successful
Deploy Static Site / deploy (push) Successful in 6m6s

This commit is contained in:
2025-05-29 16:42:45 +04:00
parent e217f89702
commit 00717a92fb
2681 changed files with 173810 additions and 0 deletions

325
platform/install-vault.html Normal file
View File

@ -0,0 +1,325 @@
<!DOCTYPE html>
<html lang="en">
<head>
<title>Install HashiCorp Vault</title>
<meta name="generator" content="Help+Manual" />
<meta name="keywords" content="" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="HashiCorp Vault is an open-source tool that provides secure storage and encryption of confidential data, as well as access to data based on identity through customizable..." />
<meta name="picture" content="" />
<meta property="og:type" content="website" />
<meta property="og:title" content="Full documentation for BRIX365 platform. Low-code developer guide. User guide. Admin guide. Developer guide." />
<meta property="og:url" content="https://brix365.com/en/help" />
<meta property="og:image" content="" />
<link rel="icon" href="favicon.png" type="image/png" />
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet" />
<link rel="stylesheet" href="./jquery-ui.min.css" />
<link rel="stylesheet" href="default.css" />
<link rel="stylesheet" href="./search-yandex.css" />
<link rel="stylesheet" href="./article.css" />
<link rel="stylesheet" href="./glossary.css" />
<link rel="stylesheet" href="./theme.css" />
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="helpman_settings.js"></script>
<script type="text/javascript" src="helpman_topicinit.js"></script>
<script type="text/javascript" src="highlight.js"></script>
<script type="text/javascript">
$(document).ready(function(){highlight();});
</script>
</head>
<body>
<script>!function(e,t,c,n,r,a,m){e.ym=e.ym||function(){(e.ym.a=e.ym.a||[]).push(arguments)},e.ym.l=1*new Date;for(var s=0;s<document.scripts.length;s++)if(document.scripts[s].src===n)return;a=t.createElement(c),m=t.getElementsByTagName(c)[0],a.async=1,a.src=n,m.parentNode.insertBefore(a,m)}(window,document,"script","https://mc.yandex.ru/metrika/tag.js"),ym(83179930,"init",{clickmap:!0,trackLinks:!0,accurateTrackBounce:!0,webvisor:!0})</script><noscript><div><img alt=""src=https://mc.yandex.ru/watch/83179930 style=position:absolute;left:-9999px></div></noscript>
<header class="header elma-365">
<div class="container">
<a class="header__logo" href="https://brix365.com/en/help">
<img src="./logo-en.svg" alt="header logo">
</a>
<!-- <div class="hero__search-form" id="search-panel">
<form class="search-form" onsubmit="ym(83180416,'reachGoal','poisk')">
<label class="search-form__label">
<span id="reset-search" class="search__icon"></span>
<input class="search-form__input" type="text">
</label>
<input class="search-form__submit" type="submit" value="Submit">
</form>
</div> -->
<div class="hero__search-form" id="search-panel"> <form class="search-form"> <label class="search-form__label"> <span id="reset-search" class="search__icon"></span> <input class="search-form__input" type="text"> </label> <input class="search-form__submit" type="submit" value="Submit"> </form> </div>
<div class="hero__search">
<a href="#" id="search-icon" class="hero__search-icon">
<img src="search-icon-white.svg" alt="search string">
</a>
<a href="#" id="side-menu-icon" class="hero__side-icon">
<img src="side_menu.svg" alt="side menu">
</a>
</div>
<div class="header__navi">
<ul class="header__list"><li><span class="solution-select"><span class="solution-select__selected"></span><svg width="7" height="4" viewBox="0 0 7 4" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M1 1L3.5 3.5L6 1" stroke="white" stroke-linecap="round" stroke-linejoin="round"/></svg><ul class="solution-select__list"><li><a class="project-link" href="https://brix365.com/en/help/platform/get-trial.html">Platform</a></li><li><a class="project-link" href="https://brix365.com/en/help/ecm/ecm-functions.html">ECM</a></li><li><a class="project-link" href="https://brix365.com/en/help/crm/crm_overview.html">CRM</a></li><li><a class="project-link" href="https://brix365.com/en/help/service/service-functions.html">Service</a></li><li><a class="project-link" href="https://brix365.com/en/help/projects/projects-functions.html">Projects</a></li><li><a class="project-link" href="https://brix365.com/en/help/business_solutions/-elma365-store.html">Business Solutions</a></li></ul></span></li><li><a href="https://api.brix365.com/en/" target="_blank">API</a></li><li><a href="https://tssdk.brix365.com/" target="_blank">SDK</a></li></ul>
</div>
</div>
</header>
<main class="main container">
<aside class="sidebar" id="sidebar">
<div class="sidebar__header">
<a class="header__logo" href="https://brix365.com/en/help">
<img src="./logo-light-en.svg">
</a>
<span class="sidebar__close elma-365-close" id="close"></span>
</div>
<div class="sidebar__wrapper" id="side-menu">
</div>
</aside>
<article class="article" id="article">
<div class="article-inner">
<div class="content">
<header class="article__header">
<div class="article__bread" style="display:flex; gap:10px;">
<span id="subcategory" class="search-res__item-category search-res__item-category_subcategory subcategory article__badge"></span>
<div class="topic__breadcrumbs">
<p><a href="elma365-on-premises.html">BRIX On-Premises</a> &gt; <a href="elma365-enterprise.html">BRIX On-Premises Enterprise</a> &gt; Install add-on components for BRIX / Install HashiCorp Vault</p>
</div>
</div>
<div class="topic__title"><h1 class="p_Heading1"><span class="f_Heading1">Install HashiCorp Vault</span></h1>
</div>
</header>
<section class="article__content">
<div class="scroll-top-inner">
<a href="#h1-article" class="scroll-top"></a>
</div>
<!-- Placeholder for topic body. -->
<p class="p_Normal">HashiCorp Vault is an open-source tool that provides secure storage and encryption of confidential data, as well as access to data based on identity through customizable policies.</p>
<p class="p_Normal">The installation of HashiCorp Vault consists of the following steps:</p>
<ol style="list-style-type:decimal">
<li value="1" class="p_Normal"><a href="install-vault.html#install-config-file-vault" class="topiclink">Download the Helm chart and Vault configuration file</a>.</li><li value="2" class="p_Normal"><a href="install-vault.html#vault-parameters" class="topiclink">Fill out the Vault configuration file</a>.</li><li value="3" class="p_Normal"><a href="install-vault.html#install-vault" class="topiclink">Install Vault using Helm in a Kubernetes cluster</a>.</li><li value="4" class="p_Normal"><a href="install-vault.html#vault-settings" class="topiclink">Configure Vault</a>.</li></ol>
<h2 class="p_Heading2"><a id="install-config-file-vault" class="hmanchor"></a><span class="f_Heading2">Step 1: Download the Helm chart and Vault configuration file</span></h2>
<p class="p_Normal">To install via the internet, obtain the configuration file <code><b>values-vault.yaml</b></code> by running the command:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">helm&nbsp;repo&nbsp;add&nbsp;elma365&nbsp;https://charts.elma365.tech</span><br />
<span class="f_CodeExample">helm&nbsp;repo&nbsp;update</span><br />
<span class="f_CodeExample">helm&nbsp;show&nbsp;values&nbsp;elma365/vault&nbsp;&gt;&nbsp;values-vault.yaml</span></p>
<p class="p_Normal"><a class="dropdown-toggle" style="font-style: normal; font-weight: normal; color: #000000; background-color: transparent; text-decoration: none;" href="javascript:HMToggle('toggle','TOGGLE0186A1')">Obtaining the configuration file for installation in an isolated environment without internet access</a></p>
<div id="TOGGLE0186A1" class="dropdown-toggle-body" style="text-align: left; text-indent: 0; line-height: 1.80; padding: 0 0 0 0; margin: 0 0 0 0;"><table style="border:none; border-spacing:0;">
<tr>
<td style="vertical-align:top; padding:0; border:none"><ol style="list-style-type:decimal">
<li value="1" class="p_Normal" style="page-break-after: avoid;">On a computer with internet access, download the BRIX images and upload them to the local image registry by running the following command.:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid; page-break-after: avoid;"><span class="f_CodeExample">helm&nbsp;repo&nbsp;add&nbsp;elma365&nbsp;https://charts.elma365.tech</span><br />
<span class="f_CodeExample">helm&nbsp;repo&nbsp;update</span><br />
<span class="f_CodeExample">helm&nbsp;pull&nbsp;elma365/vault</span></p>
<p class="p_Normal" style="page-break-after: avoid;">&nbsp;<br />
To learn more, see <a href="downloadin-images-elma365.html" class="topiclink">Download BRIX imagaes</a>.</p>
<ol style="list-style-type:decimal">
<li value="2" class="p_Normal" style="page-break-after: avoid;">Copy the downloaded archive of the chart <span style="font-weight: bold;">vault-X.Y.Z.tgz</span> to the server where the installation will take place.</li><li value="3" class="p_Normal" style="page-break-after: avoid;">Unpack the chart and copy the default configuration file <code><b>values.yaml</b></code> to <code><b>values-vault.yaml</b></code>:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid; page-break-after: avoid;"><span class="f_CodeExample">tar&nbsp;-xf&nbsp;vault-X.Y.Z.tgz</span><br />
<span class="f_CodeExample">cp&nbsp;vault/values.yaml&nbsp;values-vault.yaml</span></p>
</td>
</tr>
</table>
</div>
<h2 class="p_Heading2"><a id="vault-parameters" class="hmanchor"></a><span class="f_Heading2">Step 2: Fill out the Vault configuration file</span></h2>
<p class="p_Normal">Fill out the configuration file <code><b>values-vault.yaml</b></code> to install the <span style="font-weight: bold;">Vault </span>service.</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">#&nbsp;Vault&nbsp;settings</span><br />
<span class="f_CodeExample">vault:</span><br />
<span class="f_CodeExample"> &nbsp;global:</span><br />
<span class="f_CodeExample">#&nbsp;if&nbsp;not&nbsp;defined,&nbsp;StorageClass&nbsp;is&nbsp;used&nbsp;by&nbsp;default</span><br />
<span class="f_CodeExample"> &nbsp;&nbsp;&nbsp;storageClass:&nbsp;&quot;&quot;</span><br />
<span class="f_CodeExample">...</span></p>
<p class="p_Normal"><a class="dropdown-toggle" style="font-style: normal; font-weight: normal; color: #000000; background-color: transparent; text-decoration: none;" href="javascript:HMToggle('toggle','TOGGLE0186A2')">Filling in the connection parameters for a private registry for installation in an isolated environment without internet access involves the following steps:</a></p>
<div id="TOGGLE0186A2" class="dropdown-toggle-body" style="text-align: left; text-indent: 0; line-height: 1.80; padding: 0 0 0 0; margin: 0 0 0 0;"><table style="border:none; border-spacing:0;">
<tr>
<td style="vertical-align:top; padding:0; border:none"><p class="p_Normal" style="page-break-after: avoid;">&nbsp;<br />
To connect to a private <span style="font-weight: bold;">registry</span>, you need to follow these steps:</p>
<ol style="list-style-type:decimal">
<li value="1" class="p_Normal" style="page-break-after: avoid;">Download the BRIX images and upload them to your local image registry. For more details, refer to the article <a href="downloadin-images-elma365.html" class="topiclink">Download BRIX images</a>.</li><li value="2" class="p_Normal" style="page-break-after: avoid;">Specify the address and path in the parameters <code><b>server.image.registry</b></code>, <code><b>server.image.repository</b></code>, <code><b>injector.image.registry</b></code> and <code><b>injector.image.repository</b></code>.</li><li value="3" class="p_Normal" style="page-break-after: avoid;">Specify the name of the secret with access rights to the private registry in the <code><b>imagePullSecrets</b></code> parameter. The secret must be manually created and encrypted in Base64.</li></ol>
<p class="p_CodeExample" style="white-space: normal; page-break-inside: auto; page-break-after: avoid;"><span class="f_CodeExample"># Vault settings</span><br />
<span class="f_CodeExample">vault:</span><br />
<span class="f_CodeExample">...</span><br />
<span class="f_CodeExample">  server:</span><br />
<span class="f_CodeExample"># Parameters for connecting to the private registry</span><br />
<span class="f_CodeExample">  &nbsp; image:</span><br />
<span class="f_CodeExample"># address and path for the private registry</span><br />
<span class="f_CodeExample">  &nbsp; &nbsp; registry: hub.elma365.tech</span><br />
<span class="f_CodeExample">  &nbsp; &nbsp; repository: docker/addons/bitnami/vault</span><br />
<span class="f_CodeExample">  &nbsp; &nbsp; tag: 1.17.5-debian-12-r0</span><br />
<span class="f_CodeExample"># The secret with access permissions to the private registry must be manually created and encrypted in Base64</span><br />
<span class="f_CodeExample">#  &nbsp; &nbsp; pullSecrets:</span><br />
<span class="f_CodeExample">#  &nbsp; &nbsp; &nbsp; - name: &quot;myRegistryKeySecretName&quot;</span><br />
<span class="f_CodeExample">  injector:</span><br />
<span class="f_CodeExample"># Parameters for connecting to the private registry</span><br />
<span class="f_CodeExample">  &nbsp; image:</span><br />
<span class="f_CodeExample"># address and path for the private registry</span><br />
<span class="f_CodeExample">  &nbsp; &nbsp; registry: hub.elma365.tech</span><br />
<span class="f_CodeExample">  &nbsp; &nbsp; repository: docker/addons/bitnami/vault-k8s</span><br />
<span class="f_CodeExample">  &nbsp; &nbsp; tag: 1.4.2-debian-12-r5</span><br />
<span class="f_CodeExample"># The secret with access permissions to the private registry must be manually created and encrypted in Base64</span><br />
<span class="f_CodeExample">#  &nbsp; &nbsp; pullSecrets:</span><br />
<span class="f_CodeExample">#  &nbsp; &nbsp; &nbsp; - name: &quot;myRegistryKeySecretName&quot;</span></p>
<p class="p_Normal" style="page-break-after: avoid;">Where: </p>
<ul style="list-style-type:disc">
<li class="p_Normal" style="page-break-after: avoid;"><span style="font-weight: bold;">registry </span>format is:<span style="font-weight: bold;"> </span>address <code><b>hub.elma365.tech</b></code>;</li><li class="p_Normal" style="page-break-after: avoid;"><span style="font-weight: bold;">repository </span>format is:<span style="font-weight: bold;"> </span>path <code><b>docker/addons/bitnami/vault, docker/addons/bitnami/vault-k8s</b></code>.</li></ul>
</td>
</tr>
</table>
</div>
<h2 class="p_Heading2"><a id="install-vault" class="hmanchor"></a><span class="f_Heading2">Step 3: Install Vault using Helm in a Kubernetes cluster</span></h2>
<p class="p_Normal">Perform the installation of the <span style="font-weight: bold;">Vault</span> service in a separate <code><b>namespace</b></code>, for example, <span style="font-weight: bold;">vault</span>. <code><b>Namespace</b></code> will be created during installation if it hasn't been created earlier.</p>
<p class="p_Normal">For installation with internet access, run the following command:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">helm&nbsp;upgrade&nbsp;--install&nbsp;vault&nbsp;elma365/vault&nbsp;-f&nbsp;values-vault.yaml&nbsp;-n&nbsp;vault&nbsp;--create-namespace</span></p>
<p class="p_Normal">For offline installation (without internet access), navigate to the directory with the downloaded service and run the following command:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">helm&nbsp;upgrade&nbsp;--install&nbsp;vault&nbsp;./vault&nbsp;-f&nbsp;values-vault.yaml&nbsp;-n&nbsp;vault&nbsp;--create-namespace</span></p>
<h2 class="p_Heading2"><a id="vault-settings" class="hmanchor"></a><span class="f_Heading2">Step 4: Configure Vault</span></h2>
<ol style="list-style-type:decimal">
<li value="1" class="p_Normal">Make sure that the satus of <code><b>vault-server-0</b></code> is <code><b>Running</b></code>:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl&nbsp;get&nbsp;pods&nbsp;-n&nbsp;vault </span></p>
<p class="p_Normal">2. Initialize <span style="font-weight: bold;">Vault</span>:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl&nbsp;exec&nbsp;-ti&nbsp;vault-server-0&nbsp;-n&nbsp;vault&nbsp;--&nbsp;vault&nbsp;operator&nbsp;init</span></p>
<p class="p_Normal">3. After initialization, retrieve the list of &nbsp;keys (<code><b>Unseal Key X:</b></code>) and the root token (<code><b>Initial Root Token</b></code>). Use three keys to unlock the <span style="font-weight: bold;">Vault</span> service:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl&nbsp;exec&nbsp;vault-server-0&nbsp;-n&nbsp;vault&nbsp;--&nbsp;vault&nbsp;operator&nbsp;unseal&nbsp;&lt;Unseal&nbsp;Key&nbsp;1&gt;</span><br />
<span class="f_CodeExample">kubectl&nbsp;exec&nbsp;vault-server-0&nbsp;-n&nbsp;vault&nbsp;--&nbsp;vault&nbsp;operator&nbsp;unseal&nbsp;&lt;Unseal&nbsp;Key&nbsp;2&gt;</span><br />
<span class="f_CodeExample">kubectl&nbsp;exec&nbsp;vault-server-0&nbsp;-n&nbsp;vault&nbsp;--&nbsp;vault&nbsp;operator&nbsp;unseal&nbsp;&lt;Unseal&nbsp;Key&nbsp;3&gt;&nbsp;</span></p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">Начало&nbsp;внимание</span></p>
<p class="p_Normal">If the <span style="font-weight: bold;">Vault</span> service restarts, it will need to be unsealed again using the keys.</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">Конец&nbsp;внимание</span></p>
<p class="p_Normal">4. After initialization and unsealing, connect to <code><b>vault-server-0</b></code> and authenticate in <span style="font-weight: bold;">Vault</span> using the root key (<code><b>Initial Root Token</b></code>):</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl&nbsp;exec&nbsp;-ti&nbsp;vault-server-0&nbsp;-n&nbsp;vault&nbsp;--&nbsp;/bin/sh</span><br />
<span class="f_CodeExample">vault&nbsp;login</span></p>
<p class="p_Normal">5. Check the service state:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault&nbsp;status&nbsp;&nbsp;&nbsp;</span></p>
<p class="p_Normal">6. Enable the secrets mechanism <code><b>kv-v2</b></code> on the path of <code><b>secret</b></code>:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault&nbsp;secrets&nbsp;enable&nbsp;-path=secret&nbsp;kv-v2&nbsp;&nbsp;</span></p>
<p class="p_Normal">7. Create a secret at the path <code><b>secret/elma365/db</b></code>. For the secret, use the actual connection strings for the database (<code><b>сonnection strings</b></code>) and parameters for connecting to the S3 file storage, following the pattern in <a href="installing-elma365-enterprise.html#config_file" class="topiclink">values-elma365.yaml</a>: <code><b>PSQL_URL</b></code>, <code><b>RO_POSTGRES_URL</b></code>, <code><b>MONGO_URL</b></code>, <code><b>VAHTER_MONGO_URL</b></code>, <code><b>REDIS_URL</b></code>, <code><b>AMQP_URL</b></code>, <code><b>S3_BACKEND_ADDRESS</b></code>, <code><b>S3_REGION</b></code>, <code><b>S3_KEY</b></code>, <code><b>S3_SECRET</b></code>, <code><b>S3_BUCKET</b></code>, <code><b>S3_SSL_ENABLED</b></code>, <code><b>S3_UPLOAD_METHOD</b></code>, <code><b>S3_DUMP_URL</b></code>, <code><b>S3_VIRTUAL_HOSTED_STYLE_ENABLED</b></code>. </p>
<p class="p_Normal">If a parameter, for example <code><b>RO_POSTGRES_URL</b></code> or <code><b>S3_DUMP_URL</b></code> is not used, create it with an empty value:</p>
<p class="p_CodeExample" style="white-space: normal; page-break-inside: auto; page-break-after: avoid;"><span class="f_CodeExample">vault kv put secret/elma365/db \</span><br />
<span class="f_CodeExample">PSQL_URL=&quot;postgresql://postgres:pgpassword@postgres.default.svc.cluster.local:5432/elma365?sslmode=disable&quot; \</span><br />
<span class="f_CodeExample">RO_POSTGRES_URL=&quot;&quot; \</span><br />
<span class="f_CodeExample">MONGO_URL=&quot;mongodb://elma365:mongopassword@mongo.default.svc.cluster.local:27017/elma365?ssl=false&amp;replicaSet=rs0&amp;readPreference=secondaryPreferred&quot; \</span><br />
<span class="f_CodeExample">VAHTER_MONGO_URL=&quot;mongodb://elma365:mongopassword@mongo.default.svc.cluster.local:27017/elma365?ssl=false&amp;replicaSet=rs0&amp;readPreference=secondaryPreferred&quot; \</span><br />
<span class="f_CodeExample">REDIS_URL=&quot;redis://redis.default.svc.cluster.local:6379/0&quot; \</span><br />
<span class="f_CodeExample">AMQP_URL=&quot;amqp://elma365:rmqpassword@rabbitmq.default.svc.cluster.local:5672/elma365&quot; \</span><br />
<span class="f_CodeExample">S3_BACKEND_ADDRESS=&quot;example.com&quot; \</span><br />
<span class="f_CodeExample">S3_REGION=&quot;us-east-1&quot; \</span><br />
<span class="f_CodeExample">S3_KEY=&quot;PZSF73JG72Ksd955JKU1HIA&quot; \</span><br />
<span class="f_CodeExample">S3_SECRET=&quot;aFDkj28Jbs2JKbnvJH678MNwiz88zKjsuNBHHs&quot; \</span><br />
<span class="f_CodeExample">S3_BUCKET=&quot;s3elma365&quot; \</span><br />
<span class="f_CodeExample">S3_SSL_ENABLED=&quot;false&quot; \</span><br />
<span class="f_CodeExample">S3_UPLOAD_METHOD=&quot;PUT&quot; \</span><br />
<span class="f_CodeExample">S3_DUMP_URL=&quot;&quot; \</span><br />
<span class="f_CodeExample">S3_VIRTUAL_HOSTED_STYLE_ENABLED=&quot;false&quot; </span> &nbsp;</p>
<p class="p_Normal">8. Make sure the secret is created at the path <code><b>secret/elma365/db</b></code>:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault&nbsp;kv&nbsp;get&nbsp;secret/elma365/db&nbsp;&nbsp;</span></p>
<p class="p_Normal">9. Enable the Kubernetes authentication method:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault&nbsp;auth&nbsp;enable&nbsp;kubernetes&nbsp;&nbsp;&nbsp;&nbsp;</span></p>
<p class="p_Normal">10. Configure the Kubernetes authentication method to use the Kubernetes API location:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault&nbsp;write&nbsp;auth/kubernetes/config&nbsp;\</span><br />
<span class="f_CodeExample">kubernetes_host=&quot;https://$KUBERNETES_PORT_443_TCP_ADDR:443&quot;</span></p>
<p class="p_Normal">11. Create a policy for reading secrets at the address <code><b>secret/data/elma365/db</b></code>:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault&nbsp;policy&nbsp;write&nbsp;read-secret-elma365&nbsp;-&nbsp;&lt;&lt;EOF</span><br />
<span class="f_CodeExample">path&nbsp;&quot;secret/data/elma365/db&quot;&nbsp;{</span><br />
<span class="f_CodeExample"> &nbsp;capabilities&nbsp;=&nbsp;[&quot;read&quot;]</span><br />
<span class="f_CodeExample">}</span><br />
<span class="f_CodeExample">EOF</span></p>
<p class="p_Normal">12. Create a role named <span style="font-weight: bold;">read-secret-elma365</span>, which links the <span style="font-weight: bold;">read-secret-elma365</span> policy to the <span style="font-weight: bold;">vault-auth</span> service account in the <code><b>namespace</b></code> where BRIX is installed (e.g., <span style="font-weight: bold;">elma365</span>). The service account is created with the following command:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">vault&nbsp;write&nbsp;auth/kubernetes/role/read-secret-elma365&nbsp;\</span><br />
<span class="f_CodeExample">bound_service_account_names=vault-auth&nbsp;\</span><br />
<span class="f_CodeExample">bound_service_account_namespaces=elma365&nbsp;\</span><br />
<span class="f_CodeExample">policies=read-secret-elma365&nbsp;\</span><br />
<span class="f_CodeExample">ttl=24h</span></p>
<p class="p_Normal">13. Exit <span style="font-weight: bold;">Vault</span>: </p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">exit</span></p>
<p class="p_Normal">14. Create the <span style="font-weight: bold;">vault-auth</span> service account in the <code><b>namespace</b></code> where BRIX is installed (e.g., <span style="font-weight: bold;">elma365</span>):</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">kubectl&nbsp;create&nbsp;serviceaccount&nbsp;vault-auth&nbsp;-n&nbsp;elma365</span></p>
<p class="p_Normal" style="page-break-after: avoid;">Secrets in the Kubernetes cluster can be synchronized using HashiCorp Vault with the External Secrets Operator. Read more in <a href="install-external-secrets-operator.html" class="topiclink">Install External Secrets Operator</a>.</p>
<h2 class="p_Heading2"><span class="f_Heading2">Remove Vault using Helm in the Kubernetes cluster</span></h2>
<p class="p_Normal">To uninstall the <span style="font-weight: bold;">Vault</span> service in the <span style="font-weight: bold;">vault</span> <code><b>namespace</b></code>, execute the command:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">helm&nbsp;uninstall&nbsp;vault&nbsp;-n&nbsp;vault</span></p>
<div class="bottom-nav">
<a id="prev-link" class="topic__navi_prev" href="install-longhorn.html">
<span class="bottom-nav__arrow bottom-nav__arrow--prev"></span> <span
class="bottom-nav__link">install-longhorn.html</span>
</a>
<a id="next-link" class="topic__navi_next" href="install-external-secrets-operator.html">
<span class="bottom-nav__link">install-external-secrets-operator.html</span> <span
class="bottom-nav__arrow bottom-nav__arrow--next"></span>
</a>
</div>
<!-- добавляет на страницу строку блок Была ли статья полезной? -->
<div class="feedback" id="feedback"><div class="feedback-help"><span><b>Was this helpful?</b></span><form action="" method="POST" class="feedback-form" id="feedback-form"><div class="feedback__popup feedback__popup-response" id="feedback__popup_thx" style="display: none;">Thanks for your feedback!</div><div class="feedback__popup" id="feedback__popup_why" style="display: none;"><div class="feedback__popup-header">Please specify why:</div><input type="radio" name="category" id="bad_recommendation" value="bad_recommendation"><label for="bad_recommendation">Recommendations did not help me</label><input type="radio" name="category" id="difficult_text" value="difficult_text"><label for="difficult_text">Article is hard to understand</label><input type="radio" name="category" id="no_answer" value="no_answer"><label for="no_answer">Didn`t answer my question</label><input type="radio" name="category" id="bad_header" value="bad_header"><label for="bad_header">Content does not match the topic</label><input type="radio" name="category" id="other_reason" value="other_reason"><label for="other_reason">Other</label></div><div class="feedback__popup" id="feedback__popup-other" style="display: none;"><div class="feedback__popup-header">How we can improve it?</div><textarea class="feedback__textarea" name="other" id=""></textarea><input type="submit" class="feedback__other-btn" value="Submit"></div><div class="feedback-form__btn-group"><input type="radio" name="useful" id="feedback__useful_yes" value="true"><label for="feedback__useful_yes"><img src="like.svg" class="small-img" alt="like"><spanclass="feedback-form__btn-group_yes-btn">Yes</spanclass="feedback-form__btn-group_yes-btn"></label><input type="radio" name="useful" id="feedback__useful_no" value="false"><label for="feedback__useful_no"><img src="dislike.svg" class="small-img" alt="dislike"><spanclass="feedback-form__btn-group_no-btn">No</spanclass="feedback-form__btn-group_no-btn"></label></div><select name="category"><option disabled="">Please specify why</option><option value="bad_recommendation" selected="">Recommendations did not help me</option><option value="difficult_text">Article is hard to understand</option><option value="no_answer">Didn`t answer my question</option><option value="bad_header">Content does not match the topic</option><option value="other_reason">Other</option></select><input type="submit"></form></div><div class="found_typo"><p style="margin: 0px; margin-top: 16px !important;"><span><b>Found a typo?</b></span> Select it and press <i>Ctrl+Enter</i> to send us feedback</p></div></div>
</section>
</div>
<aside class="article__sidebar" style="display:none">
<input type="checkbox" />
<div class="article__arrow"></div>
<div class="table-of-contents elma365-right" id="toc2Content">
<h3 class="h3-toc">In this topic</h3>
<nav id="toc2"></nav>
</div>
</aside>
</div>
</article>
</main>
<footer class="footer">
<div class="footer-container">
<div class="footer-mobile">
<ul class="footer-mobile__list"><li><a href="https://brix365.com/en/" target="_blank">BRIX</a></li><li><a href="https://tssdk.brix365.com/en/latest/" target="_blank">SDK</a></li><li><a href="https://api.brix365.com/en/" target="_blank">API</a></li></ul><ul class="footer-mobile__list"><li><a href="https://brix365.com/en/help/platform/get-trial.html">Platform</a></li><li><a href="https://brix365.com/en/help/ecm/ecm-functions.html">ECM</a></li><li><a href="https://brix365.com/en/help/service/service-functions.html">Service</a></li><li><a href="https://brix365.com/en/help/projects/projects-functions.html">Projects</a></li></ul>
</div>
<div class="footer-wrap">
<div><span class="mobile-question-popup">Send feedback</span><form method="POST" action class="question__popup question-xs" id="question__popup"><div class="question-wrap"><span class="close"></span><span class="title">Ask a question</span><label for="help_question" style="display: none;"></label><textarea name="help_question" id="help_question"></textarea><input type="submit" value="Send"></div></form><div class="hidden fade-in question-success-xs">Sent</div></div>
<div class="footer-flex-b">
<span class="footer-copy">&copy; 2025 BRIX</span>
<ul class="footer-list">
<li class="footer-item">
<a href="#" class="arrow-top" style="display: block;"></a>
</li>
</ul>
</div>
</div>
</div>
</footer>
<iframe name="hmnavigation" style="display:none!important"></iframe>
<script src="./jquery-ui.js"></script>
<!--script src="//cdn.jsdelivr.net/npm/featherlight@1.7.14/release/featherlight.min.js" type="text/javascript" charset="utf-8"></script-->
<script src="./jquery.tocify.min.js"></script>
<script src="./TypoReporter.min.js"></script>
<script src="./google-search.js"></script>
<script src="./main.js"></script>
<script type="text/javascript">
HMInitToggle('TOGGLE0186A1','hm.type','dropdown','hm.state','0');
HMInitToggle('TOGGLE0186A2','hm.type','dropdown','hm.state','0');
</script>
</body>
</html>