Vault needs to know about the Artifactory application so Artifactory can authenticate against it. First, we need to create a policy file for the AppRole:
echo 'path "secret/*" { capabilities = ["create", "read", "update", "delete", "list", "sudo"] }' > artifactory-policy.hcl
Then load this file into Vault:
vault policy write artifactory-policy artifactory-policy.hcl
Next, use the Vault API to create the Artifactory AppRole. To run curl against the Vault server you need an API token, so generate one:
vault token create
Key               Value
---               -----
token             s.SjsIRo41P8YSHGHyr4pL7mug
token_accessor    rMj2ug7vBN1g6OXIkLZK8rJl
[...]
Then use the token to create the AppRole and register Artifactory:
curl \
--header "X-Vault-Token: s.SjsIRo41P8YSHGHyr4pL7mug" \
--request POST \
--data '{"type": "approle"}' \
http://127.0.0.1:8200/v1/sys/auth/approle
curl \
--header "X-Vault-Token: s.SjsIRo41P8YSHGHyr4pL7mug" \
--request POST \
--data '{"policies": "artifactory-policy"}' \
http://127.0.0.1:8200/v1/auth/approle/role/artifactory-role
Finally, Artifactory needs the AppRole's role_id and secret_id items. These can be retrieved using curl and the Vault token:
curl \
--header "X-Vault-Token: s.SjsIRo41P8YSHGHyr4pL7mug" \
http://127.0.0.1:8200/v1/auth/approle/role/artifactory-role/role-id
{"role_id":"76237df0-463e-fad3-d1cb-eb292e5fed20"}
curl \
--header "X-Vault-Token: s.SjsIRo41P8YSHGHyr4pL7mug" \
--request POST \
http://127.0.0.1:8200/v1/auth/approle/role/artifactory-role/secret-id
"data":{"secret_id":"151b7163-8d49-833e-5398-52d815b7ddfc","secret_id_accessor":"f981c017-d8fb-fac1-a6c0-acf766e594f9","secret_id_ttl":0}
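A review check for the policy and secret_id produced by the steps above, as an added example that is not part of the original page or of Vault or Artifactory. The function names are hypothetical, and the sample response is constructed from the output shown above with the identifiers replaced by placeholders.

```python
import json
import re

# Policy text as written by the echo command on this page.
PAGE_POLICY = ('path "secret/*" { capabilities = '
               '["create", "read", "update", "delete", "list", "sudo"] }')
# Constructed sample: the page's secret-id output wrapped in braces so it is
# valid JSON, with the identifiers replaced by placeholders.
SAMPLE_SECRET_ID_RESPONSE = ('{"data":{"secret_id":"<secret-id>",'
                             '"secret_id_accessor":"<accessor>","secret_id_ttl":0}}')

# Matches flat stanzas like the page's; nested parameter blocks are not parsed.
STANZA = re.compile(r'path\s+"([^"]+)"\s*\{(.*?)\}', re.S)
CAPS = re.compile(r'capabilities\s*=\s*\[(.*?)\]', re.S)


def parse_policy(text):
    """Return {path: set of capabilities} for each path stanza."""
    rules = {}
    for path, body in STANZA.findall(text):
        caps = CAPS.search(body)
        rules[path] = set(re.findall(r'"([^"]+)"', caps.group(1))) if caps else set()
    return rules


def audit_policy(text):
    """Flag grants that are broader than a single application normally needs."""
    findings = []
    for path, caps in sorted(parse_policy(text).items()):
        if "sudo" in caps:
            findings.append(f"{path}: sudo is only needed for root-protected paths")
        # A trailing glob directly under the mount covers every secret in it.
        if path.endswith("*") and "/" not in path.rstrip("*").strip("/"):
            findings.append(f"{path}: wildcard covers the whole mount")
    return findings


def audit_secret_id(response_json):
    """Flag a secret_id that never expires (secret_id_ttl of 0 means no expiry)."""
    data = json.loads(response_json)["data"]
    if data.get("secret_id_ttl") == 0:
        return ["secret_id never expires (secret_id_ttl=0)"]
    return []


if __name__ == "__main__":
    for finding in audit_policy(PAGE_POLICY) + audit_secret_id(SAMPLE_SECRET_ID_RESPONSE):
        print(finding)
```

Both findings on the policy and the one on the secret_id apply to the values shown on this page; a policy scoped to a sub-path with only the capabilities Artifactory uses, and a role created with a non-zero secret_id_ttl, produce no findings.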