Vault
Ubuntu Installation
Consul is a dependency for Vault. Install that first.
Download the latest version of Vault, unpack the zip file, and put the binary in /usr/local/sbin.
Set the proper file capabilities:
setcap cap_ipc_lock=+ep /usr/local/sbin/vault
Set up a user for vault:
mkdir /var/lib/vault
useradd vault -d /var/lib/vault
chown vault: /var/lib/vault
chmod 0700 /var/lib/vault
Create an init script for the service, have it start on boot, and depend upon Consul.
In /etc/init/vault.conf:
description "Vault process"
start on started consul
stop on stopping consul
respawn
setuid vault
setgid vault
exec vault server -config /etc/vault
Create a base configuration for Vault in /etc/vault/config.hcl using Consul:
backend "consul" {
  address = "127.0.0.1:8500"
  path = "vault"
}
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = 1
}
disable_mlock = true
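A check for the settings in the config.hcl above that weaken a non-development deployment, as an added example that is not part of the original page: it flags a listener bound to 0.0.0.0, tls_disable, and disable_mlock, which leaves the cap_ipc_lock capability granted earlier unused. The function names, the tightened variant and its certificate paths are assumptions for illustration; tls_cert_file and tls_key_file are Vault's listener options.

```shell
# Flag risky settings in a Vault config file (assumes one setting per line).
# Prints one finding per line and returns 1 if there is at least one.
audit_vault_config() {
    awk '
        /^[ \t]*([#]|\/\/)/ { next }                    # ignore comment lines
        /^[ \t]*listener[ \t]/ { in_listener = 1 }      # entering a listener block
        in_listener && /address[ \t]*=[ \t]*"0\.0\.0\.0:/ { print "listener binds all interfaces"; n++ }
        in_listener && /tls_disable[ \t]*=[ \t]*"?(1|true)"?/ { print "listener has TLS disabled"; n++ }
        /^[ \t]*disable_mlock[ \t]*=[ \t]*"?(1|true)"?/ { print "mlock disabled, memory can swap"; n++ }
        /^[ \t]*}/ { in_listener = 0 }                  # block closed
        END { exit (n > 0) }
    ' "$1"
}

# Constructed sample: the page's config.hcl, one setting per line.
write_page_config() {
    cat > "$1" <<'EOF'
backend "consul" {
  address = "127.0.0.1:8500"
  path = "vault"
}
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = 1
}
disable_mlock = true
EOF
}

# Constructed sample: a tightened variant; the certificate paths are placeholders.
write_hardened_config() {
    cat > "$1" <<'EOF'
backend "consul" {
  address = "127.0.0.1:8500"
  path = "vault"
}
listener "tcp" {
  address = "127.0.0.1:8200"
  tls_cert_file = "/etc/vault/tls/vault.crt"
  tls_key_file = "/etc/vault/tls/vault.key"
}
EOF
}

tmp=$(mktemp -d)
write_page_config "$tmp/page.hcl"; write_hardened_config "$tmp/hardened.hcl"
audit_vault_config "$tmp/page.hcl" || echo "page config: findings above"
audit_vault_config "$tmp/hardened.hcl" && echo "hardened config: no findings"
rm -rf "$tmp"
```

The non-zero return status lets the check gate a deployment step before the service is started with the config.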
Test Run
After installing Vault, you can run it in a development / testing mode. This will run it in the foreground:
vault server -dev
In another terminal window, export the VAULT_ADDR variable before accessing the service.
export VAULT_ADDR="http://127.0.0.1:8200"
Check that the service is running:
vault status
Write some sample data:
vault write secret/hello value=world
Verify the data has been written:
vault read secret/hello
Output data in JSON format as well:
vault read -format=json secret/hello
Delete the sample data:
vault delete secret/hello