Hashicorp Vault Setup: Getting Started Guide

In this guide, you will learn how to set up the latest HashiCorp Vault using step-by-step instructions. The storage backend used for Vault is the server's filesystem.

Hashicorp Vault Setup

Follow the step-by-step instructions given below to get a working Vault setup with UI.

Note: This guide is for Vault development/testing purposes. For a production-grade setup, there are many configurations to be considered, which are out of scope of this article.

Step 1: Go to the HashiCorp Vault downloads page and download the latest package.

wget https://releases.hashicorp.com/vault/1.0.1/vault_1.0.1_linux_amd64.zip

Step 2: Unzip the package

unzip vault_1.0.1_linux_amd64.zip

Step 3: Move the vault executable to /usr/bin

sudo mv vault /usr/bin/

Step 4: Verify the vault command by checking its version.

vault -v

Step 5: Enable vault command completion.

vault -autocomplete-install

Step 6: Create vault data folder.

sudo mkdir /vault-data

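Step 7: Create the Vault config file, config.hcl, in HCL format as shown below.

# Enable the web UI
ui = true

# Filesystem storage backend, using the folder created in Step 6
storage "file" {
  path = "/vault-data"
}

# Listen on all interfaces with TLS off (development/testing only, see the note above)
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}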

Step 8: Start the vault server in the background.

vault server -config=config.hcl &

Step 9: Initialise Vault to get the keys.

vault operator init

It will output 5 unseal keys and a root key. Note down those keys. The root key will be used to log in to the Vault CLI and UI.

Step 10: By default, Vault will be sealed. It should be unsealed with a minimum of three unseal keys as shown below.

vault operator unseal A621ZvA8JyQ8TIu30PwD6u1yFfTVFuxczIHw9Ls5KV8s
vault operator unseal KMoQ2CzF7lKN6s/rmoUorX9PGQSa1F33PHq/q7wpe3w3
vault operator unseal 9YRVkV5x93xNEEzeBZmnr/4XALt6D7xR/wOKnemPuLBb

Now if you check the Vault status, it should say false for the sealed parameter.

Note: Every time you restart Vault, or it gets restarted during server restarts, you need to perform the unseal operation again using the same unseal keys you got in step 9.

Step 11: You can also access the Vault UI on port 8200 of your Vault server.

For example,

http://35.192.109.160:8200/ui/

You can log in to the UI using the root key you got in step 9.
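
Before a server built with these steps is reachable from anything other than a test host, the Step 7 config is worth checking for its dev-only settings. The script below is an added example, not part of the original guide or of Vault itself; the function name audit_vault_config and the finding codes are hypothetical, and it assumes one setting per line, as in the guide's config.hcl.

```sh
#!/bin/sh
# Added example (not from the guide): flag the dev/test-only settings that the
# Step 7 config contains. Function name and finding codes are hypothetical.
# Assumes one setting per line, as in the guide's config.hcl.

# Prints one finding per line for the config file in $1; prints nothing if clean.
# The body runs in a subshell so its variables do not leak into the caller.
audit_vault_config() (
    file="$1"
    # Ignore whole-line comments so commented-out settings are not reported.
    cfg=$(grep -Ev '^[[:space:]]*(#|//)' "$file" || true)

    # Listener without TLS: tokens and unseal keys cross the network in clear text.
    if printf '%s\n' "$cfg" |
        grep -Eq '^[[:space:]]*tls_disable[[:space:]]*=[[:space:]]*"?(1|true)"?'; then
        echo "TLS_DISABLED"
    fi

    # Listener bound to every interface instead of loopback or one address.
    if printf '%s\n' "$cfg" |
        grep -Eq '^[[:space:]]*address[[:space:]]*=[[:space:]]*"(0\.0\.0\.0|\[::\]):'; then
        echo "LISTEN_ALL_INTERFACES"
    fi

    # File storage: the data directory should be closed to group and others.
    data_path=$(printf '%s\n' "$cfg" | awk '
        /^[[:space:]]*storage[[:space:]]+"file"/ { in_file = 1; next }
        in_file && /^[[:space:]]*path[[:space:]]*=/ { split($0, q, "\""); print q[2]; exit }
        in_file && /}/ { in_file = 0 }')
    if [ -n "$data_path" ] && [ -d "$data_path" ]; then
        # Characters 5-10 of the mode string are the group and other bits.
        perms=$(ls -ld "$data_path" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "DATA_DIR_OPEN:$data_path"
        fi
    fi
)

# Usage: sh audit.sh config.hcl
if [ "$#" -gt 0 ]; then
    audit_vault_config "$1"
fi
```

Run against the guide's config.hcl as written, it reports TLS_DISABLED and LISTEN_ALL_INTERFACES, plus DATA_DIR_OPEN if /vault-data still has the default mode from Step 6.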