From 17740fcd716aa421c7cb9e020162637484f92e82 Mon Sep 17 00:00:00 2001 From: Jens Hofmann Date: Fri, 5 May 2023 01:17:57 +0200 Subject: [PATCH] Update elasticdb.mdx (#20437) * Update elasticdb.mdx Remove success message of vault write operations from text blocks to better support copy&paste to console * Update code block types --------- Co-authored-by: Yoko Hyakuna --- .../content/docs/secrets/databases/elasticdb.mdx | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/website/content/docs/secrets/databases/elasticdb.mdx b/website/content/docs/secrets/databases/elasticdb.mdx index 66c76e483133..137bbc207484 100644 --- a/website/content/docs/secrets/databases/elasticdb.mdx +++ b/website/content/docs/secrets/databases/elasticdb.mdx @@ -90,7 +90,7 @@ $ curl \ The contents of `data.json` in this example are: -``` +```json { "password" : "myPa55word", "roles" : [ "vault" ], @@ -108,7 +108,7 @@ Now, Elasticsearch is configured and ready to be used with Vault. 1. Enable the database secrets engine if it is not already enabled: - ```text + ```shell-session $ vault secrets enable database Success! Enabled the database secrets engine at: database/ ``` @@ -118,7 +118,7 @@ Now, Elasticsearch is configured and ready to be used with Vault. 1. Configure Vault with the proper plugin and connection information: - ```text + ```shell-session $ vault write database/config/my-elasticsearch-database \ plugin_name="elasticsearch-database-plugin" \ allowed_roles="internally-defined-role,externally-defined-role" \ @@ -135,25 +135,23 @@ Now, Elasticsearch is configured and ready to be used with Vault. a privilege escalation by editing a role's privileges out-of-band in Elasticsearch: - ```text + ```shell-session $ vault write database/roles/internally-defined-role \ db_name=my-elasticsearch-database \ creation_statements='{"elasticsearch_role_definition": {"indices": [{"names":["*"], "privileges":["read"]}]}}' \ default_ttl="1h" \ max_ttl="24h" - Success! Data written to: database/roles/internally-defined-role ``` 1. Alternatively, configure a role that maps a name in Vault to a pre-existing role definition in Elasticsearch: - ```text + ```shell-session $ vault write database/roles/externally-defined-role \ db_name=my-elasticsearch-database \ creation_statements='{"elasticsearch_roles": ["pre-existing-role-in-elasticsearch"]}' \ default_ttl="1h" \ max_ttl="24h" - Success! Data written to: database/roles/externally-defined-role ``` ## Usage @@ -164,7 +162,7 @@ the proper permission, it can generate credentials. 1. Generate a new credential by reading from the `/creds` endpoint with the name of the role: - ```text + ```shell-session $ vault read database/creds/my-role Key Value --- -----