Quickstart with the HashiCorp vault


Vault is a secret management service by HashiCorp. It is a tool that helps you store secrets (API keys, passwords, etc.) and access them securely. You can use Vault through a user interface as well as through the CLI.

Vault operates as a client/server application. The Vault server is the only piece of the Vault architecture that interacts with the data storage and backends. All operations done via the Vault CLI interact with the server over a TLS connection.

Installing Vault

sudo apt update && sudo apt install gpg
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg >/dev/null
gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install vault

After installing Vault, verify the installation worked by opening a new terminal session and checking that the vault binary is available.

Starting the Dev Server

First, start a Vault dev server. The dev server is a built-in, pre-configured server that is not very secure but useful for playing with Vault locally. Later in the Deploy Vault tutorial, you will configure and start a non-dev server.

To start the Vault dev server, run:

vault server -dev

With the dev server started, perform the following:

  1. Launch a new terminal session.
  2. Copy and run the export VAULT_ADDR … command from the terminal output. This will configure the Vault client to talk to the dev server.

export VAULT_ADDR='http://127.0.0.1:8200'

  3. Set the VAULT_TOKEN environment variable to the generated Root Token value displayed in the terminal output.

export VAULT_TOKEN='<root token from the server startup output>'

Verify the Server is Running

vault status
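
The copy-and-export steps above can be scripted so the root token is never pasted by hand: this added example (not from the original post or from HashiCorp) reads saved dev-server output, exports VAULT_ADDR and VAULT_TOKEN, and refuses a plain http:// address unless it is loopback like the dev server's http://127.0.0.1:8200. The function names, the saved-log file and the sample output layout are assumptions; the sample token is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes the dev-server startup
# output was saved to a file and has the layout of the constructed sample.

# Constructed sample of `vault server -dev` output (keys and token are fake).
sample_dev_log() {
  cat <<'EOF'
You may need to set the following environment variables:

    $ export VAULT_ADDR='http://127.0.0.1:8200'

Unseal Key: CONSTRUCTED-UNSEAL-KEY
Root Token: hvs.CONSTRUCTEDEXAMPLETOKEN
EOF
}

# Extract the address from the "export VAULT_ADDR='...'" line on stdin.
dev_addr() { sed -n "s/.*export VAULT_ADDR='\([^']*\)'.*/\1/p" | head -n 1; }

# Extract the value after "Root Token:" on stdin.
dev_root_token() { sed -n 's/^Root Token:[[:space:]]*//p' | head -n 1; }

# Succeed only for https:// URLs, or http:// URLs whose host is loopback.
addr_is_acceptable() {
  case "$1" in
    https://*) return 0 ;;
    http://*)  _rest=${1#http://} ;;
    *)         return 1 ;;
  esac
  _rest=${_rest%%[/?#]*}   # drop path, query, fragment
  _rest=${_rest##*@}       # drop userinfo: "127.0.0.1@other-host" is other-host
  case "$_rest" in
    '[::1]'|'[::1]':*) return 0 ;;
  esac
  case "${_rest%%:*}" in
    127.0.0.1|localhost) return 0 ;;
    *) return 1 ;;
  esac
}

# Export VAULT_ADDR and VAULT_TOKEN from a saved log ($1) without echoing the token.
load_dev_env() {
  _addr=$(dev_addr < "$1") && _tok=$(dev_root_token < "$1")
  [ -n "$_addr" ] && [ -n "$_tok" ] || return 2   # output not recognised
  addr_is_acceptable "$_addr" || return 3          # plaintext to a remote host
  export VAULT_ADDR="$_addr" VAULT_TOKEN="$_tok"
}
```

Source the file and call load_dev_env with the path of the saved output; a return code of 3 means the address would have sent the token over unencrypted HTTP to a non-loopback host.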

You can also list the secrets engines enabled in the instance using the following command:

vault secrets list -detailed

In this blog, we have learned how to start a local Vault server and communicate with the local instance using the Vault CLI. In upcoming blogs, we will take it to the next step and run multiple Vault instances on different servers and see how we can create and migrate secrets.

Written by 

Hey, I am a software consultant at Knoldus working on Java and Functional Programming.