How to Setup HashiCorp Vault on Linux

FoxuTech
2 min read · Jun 27, 2020


Continuing our discussion of secret management services, this post looks at one of the fastest-growing secret stores, one that integrates with most cloud services and DevOps tools. In this guide we explain how to set up HashiCorp Vault on Linux.

Note: In this blog, we’re using the filesystem backend to store encrypted secrets on the local filesystem at /vault-data. This is suitable for local or single-server deployments that do not need to be replicated. It is not suitable for a high-availability (HA) setup.

Introduction

Vault is an open-source tool that provides a secure, reliable way to store and distribute secrets like API keys, access tokens, and passwords. Software like Vault can be critically important when deploying applications that require the use of secrets or sensitive data.

To download the latest Vault package, go to the HashiCorp Vault downloads page and fetch the latest release.

# wget https://releases.hashicorp.com/vault/1.4.2/vault_1.4.2_linux_amd64.zip

Unzip the package (the filename must match the archive downloaded above):

# unzip vault_1.4.2_linux_amd64.zip

Move the vault executable to /usr/bin

# mv vault /usr/bin/

Once it is moved, verify the vault command by checking its version.

# vault -v

Next, set a Linux capability flag on the binary. This lets Vault lock its memory (so secrets are never swapped to disk) without having to run the binary as root or otherwise elevate its privileges.

# setcap cap_ipc_lock=+ep /usr/bin/vault

Create the Vault data folder.

# mkdir /vault-data

Creating the Vault startup file

Systemd is Ubuntu’s init system which, among other things, manages the system’s services. In order to set Vault up as a system service, we are going to create a separate user account to run the service and a dedicated directory to store Vault’s data.

First, let’s create a vault system user.

# useradd -r -d /vault-data -s /bin/nologin vault

Here, we use /vault-data as the user’s home directory. This will be used as the Vault data directory. We also set the shell to /bin/nologin to restrict the user as a non-interactive system account.

Set the ownership of /vault-data to the vault user and the vault group exclusively.

# install -o vault -g vault -m 750 -d /vault-data
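The steps above can be checked after the fact. The following bash helpers are an added example, not part of the original post: they verify the downloaded archive against the SHA256SUMS file HashiCorp publishes next to each release (assumed to be saved as vault_1.4.2_SHA256SUMS), confirm the cap_ipc_lock capability, and confirm the ownership, mode and login shell set up above.

```shell
#!/bin/bash
# Post-install checks for the steps above. Added example, not from the original post.
# Assumes GNU coreutils (sha256sum, stat), libcap's getcap, and the paths used above.
set -u

VAULT_VERSION="1.4.2"
VAULT_ZIP="vault_${VAULT_VERSION}_linux_amd64.zip"
# HashiCorp publishes this file next to the zip under the same release URL.
VAULT_SUMS="vault_${VAULT_VERSION}_SHA256SUMS"

# verify_checksum ZIP SUMSFILE: compare the archive's SHA-256 with the
# published entry for its filename; refuse to continue on any mismatch.
verify_checksum() {
    local zip="$1" sums="$2" expected actual
    expected=$(awk -v f="$(basename "$zip")" '$2 == f { print $1 }' "$sums")
    [ -n "$expected" ] || { echo "no checksum entry for $zip" >&2; return 1; }
    actual=$(sha256sum "$zip" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# has_ipc_lock GETCAP_LINE: true when cap_ipc_lock is permitted+effective.
# Handles both output styles: "/usr/bin/vault = cap_ipc_lock+ep" (older
# libcap) and "/usr/bin/vault cap_ipc_lock=ep" (libcap >= 2.41).
has_ipc_lock() {
    case "$1" in
        *cap_ipc_lock+ep*|*cap_ipc_lock=ep*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_data_dir DIR [OWNER:GROUP]: the data directory must be owned by the
# service account and closed to other users (mode 750), as set by install(1).
check_data_dir() {
    local dir="$1" owner="${2:-vault:vault}"
    [ "$(stat -c '%U:%G %a' "$dir")" = "$owner 750" ]
}

# check_vault_user: the service account must not have an interactive shell.
check_vault_user() {
    local shell
    shell=$(getent passwd vault | cut -d: -f7)
    [ "$shell" = "/bin/nologin" ] || [ "$shell" = "/usr/sbin/nologin" ]
}

# run_checks: call after finishing the steps above; stops at the first failure.
run_checks() {
    verify_checksum "$VAULT_ZIP" "$VAULT_SUMS" && echo "checksum ok" &&
    has_ipc_lock "$(getcap /usr/bin/vault)" && echo "cap_ipc_lock ok" &&
    check_data_dir /vault-data && echo "/vault-data ok" &&
    check_vault_user && echo "vault user ok"
}
```

Source the file and run `run_checks` from the directory holding the zip and SHA256SUMS files; a non-zero exit means one of the steps above did not take effect.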

Now let’s set up Vault’s configuration file, /etc/vault.hcl. You’ll use this to control various options in Vault, such as where encrypted secrets are stored.

Create vault.hcl using nano or your favorite text editor.

Continue Reading on https://foxutech.com/hashicorp-vault-how-to-setup-on-linux/
