Vault is a secrets management service by HashiCorp. It helps you store secrets (API keys, passwords, etc.) and access them securely. You can use Vault through a user interface as well as through the CLI.
Vault operates as a client/server application. The Vault server is the only piece of the Vault architecture that interacts with the data storage and backends. All operations done via the Vault CLI interact with the server over a TLS connection.
Installing Vault
sudo apt update && sudo apt install gpg
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg >/dev/null
gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install vault
After installing Vault, verify the installation worked by opening a new terminal session and checking that the vault binary is available.
Starting the Dev Server
First, start a Vault dev server. The dev server is a built-in, pre-configured server that is not very secure but useful for playing with Vault locally. Later in the Deploy Vault tutorial, you will configure and start a non-dev server.
To start the Vault dev server, run:
vault server -dev
With the dev server started, perform the following:
- Launch a new terminal session.
- Copy and run the export VAULT_ADDR … command from the terminal output. This will configure the Vault client to talk to the dev server.
export VAULT_ADDR='http://127.0.0.1:8200'
Set the VAULT_TOKEN environment variable value to the generated Root Token value displayed in the terminal output.
export VAULT_TOKEN='<Root Token from the server startup output>'
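The dev server address above is plain HTTP on loopback, so the root token should only be sent to it from the same host. As an added example (not from the original post; the function names classify_vault_addr and vault_env_check are hypothetical), this shell check refuses to proceed when VAULT_ADDR would carry the token unencrypted to a non-loopback host:

```shell
#!/bin/sh
# Added example: guard for the VAULT_ADDR / VAULT_TOKEN setup above.
# classify_vault_addr and vault_env_check are hypothetical helper names.

# Print one of: tls, plaintext-loopback, plaintext-remote, invalid.
classify_vault_addr() {
    addr=$1
    case $addr in
        https://*) echo tls; return 0 ;;
        http://*)  rest=${addr#http://} ;;
        *)         echo invalid; return 0 ;;
    esac
    hostport=${rest%%/*}        # drop any path
    hostport=${hostport##*@}    # drop userinfo such as 127.0.0.1@host
    case $hostport in
        \[*\]*) host=${hostport%%\]*}; host=${host#\[} ;;  # [::1]:8200
        *)      host=${hostport%%:*} ;;                    # host:port
    esac
    case $host in
        localhost|::1) echo plaintext-loopback ;;
        127.*)
            # Only a purely numeric 127.x address is loopback; a DNS name
            # that merely starts with "127." can resolve anywhere.
            case $host in
                *[!0-9.]*) echo plaintext-remote ;;
                *)         echo plaintext-loopback ;;
            esac ;;
        *) echo plaintext-remote ;;
    esac
}

# Return 0 only when using VAULT_TOKEN against VAULT_ADDR is acceptable.
vault_env_check() {
    case $(classify_vault_addr "${VAULT_ADDR:-}") in
        tls) return 0 ;;
        plaintext-loopback)
            echo "note: $VAULT_ADDR is plain HTTP on loopback (dev server only)" >&2
            return 0 ;;
        plaintext-remote)
            echo "refusing: token would cross the network unencrypted to $VAULT_ADDR" >&2
            return 1 ;;
        *)
            echo "refusing: VAULT_ADDR is unset or not an http(s) URL" >&2
            return 1 ;;
    esac
}
# Usage after the exports above: vault_env_check && vault status
```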
Verify the Server is Running
vault status
You can also list the secrets engines enabled on the instance using the following command:
vault secrets list -detailed
In this blog, we have learned how to start a local Vault server and how to communicate with the local instance using the Vault CLI. In upcoming blogs, we will take it to the next step and run multiple Vault instances on different servers and see how we can create and migrate secrets.
