How to Install Hashicorp Vault on ubuntu 20.04

Hashicorp Vault is a free and open source tool. It helps to manage & securely storing password & accessing secrets.We can easily create, update, read and delete secrets, authenticate & unseal.It provides web interface to interact with Vault.

Pre-requisite

We needs sudo privileges.
Setup consul as a backend storage for Hashicorp vault so click on link https://www.hackerxone.com/blog/how-install-consul-ubuntu-2004-lts for how to install consul on ubuntu.

Install Hashicorp Vault on ubuntu

Update the System.

apt-get update

Download the vault zip file.

wget https://releases.hashicorp.com/vault/0.11.4/vault_0.11.4_linux_amd64.zip

Extract the downloaded file.

apt-get install unzip
unzip vault_0.11.4_linux_amd64.zip

Move the extracted file to /usr/bin/.

mv vault /usr/bin

Create a directory /etc/vault for configuration.

mkdir /etc/vault

Create a new file.

vim /etc/vault/config.hcl

Add the following lines:

storage "consul" {
  address = "127.0.0.1:8500" or 0.0.0.0:8500
  path    = "vault/"
}
 
listener "tcp" {
 address     = "server-ip:8200" or 0.0.0.0:8200
 tls_disable = 1
}
 
ui = true

Create a vault service file.

vim /etc/systemd/system/vault.service

Add the following lines:

[Unit]
Description=Vault
Documentation=https://www.vault.io/
 
[Service]
ExecStart=/usr/bin/vault server -config=/etc/vault/config.hcl
ExecReload=/bin/kill -HUP $MAINPID
LimitNOFILE=65536
 
[Install]
WantedBy=multi-user.target

Reload,Start & Enable the Vault Service:

systemctl daemon-reload
systemctl start vault
systemctl enable vault

Enable Vault service for CLI.

export VAULT_ADDR=http://server-ip:8200

Initialize the vault service.

vault operator init

Here is the command output:

Unseal Key 1: Dhmn4caf16eRA1v8Hi9xNA6axGITpREcM/Q4c6UCulfH
Unseal Key 2: mQ9nD8KIU9HW9hiLY/ASxO6Kpkn13kBPxHFLW5U+HzrJ
Unseal Key 3: VjoY8HTLpDjK9IgQ9wJf1NvonerDxngTP8JpXCzckjkz
Unseal Key 4: SCKLcgP2gQgVjOi+FrjNO+lzKnFWZA3LBGfe2y6qHSr2
Unseal Key 5: NlOvc4aqYNsEyERfEuflDyS9L+GseFA/OK1YG/nkThy+

Initial Root Token: s.4F3cE2EbHZaWAuW90BPmowur

Vault initialized with 5 key shares and a key threshold of 3. Please securely
distribute the key shares printed above. When the Vault is re-sealed,
restarted, or stopped, you must supply at least 3 of these keys to unseal it
before it can start servicing requests.

Vault does not store the generated master key. Without at least 3 key to
reconstruct the master key, Vault will remain permanently sealed!

It is possible to generate new unseal keys, provided you have a quorum of
existing unseal keys shares. See "vault operator rekey" for more information.

Access Hashicorp web-interface

http://server-ip:8200

Here is the output:

Copy the Unseal key from Ternimal.
Paste the key for unseal the vault.
Click on Unseal.

Fig 1

When Initialize the vault service,we get Taken number.
Copy the Initial Root Taken number from terminal.
Paste the Token number.
Click on Sign in.

Fig 2

Now Hashicorp vault is Ready.
We needs to add secrets so click on cubbyhole.

Fig. 3

Click on Create Secret.

Fig. 4

Provide the Secret Path.
Secret data like key & Value.
Click on Save.

Fig. 5

New Secret data is successfully added.

Fig. 6

Now Add a new secret engine.
Click on Enable New Engine.

Fig. 3

Select Secret Engine.Choose Consul.
Click on Next.

Fig. 7

Click on Enable the Engine.

Fig. 8

Now New Secret Engine is Ready.

Fig. 5

Leave a Reply Cancel reply

You must be logged in to post a comment.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others