This article follows the official Vault instructions to set up Vault on Red Hat Linux.
Download and install vault
# Install repo manager if you don't have one
sudo yum install -y yum-utils
# Once installation is complete, add the Vault repo
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
# Install vault
sudo yum -y install vault
# Verify your installation
vault
# Example output
Usage: vault <command> [args]
Common commands:
read Read data and retrieves secrets
write Write data, configuration, and secrets
delete Delete secrets and configuration
list List data or secrets
login Authenticate locally
agent Start a Vault agent
server Start a Vault server
status Print seal and HA status
unwrap Unwrap a wrapped secret
Now Vault is ready to go.
Start vault server
# Run the command below to start the Vault server
sudo vault server -config=/etc/vault.d/vault.hcl
# You should see messages like the following:
==> Vault server configuration:
Cgo: disabled
Go Version: go1.17.5
Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "enabled")
Log Level: info
Mlock: supported: true, enabled: true
Recovery Mode: false
Storage: file
Version: Vault v1.9.3
Version Sha: 7dbdd57243a0d8d9d9e07cd01eb657369f8e1b8a
==> Vault server started! Log data will stream in below:
2022-01-28T13:06:20.975-0400 [INFO] proxy environment: http_proxy="\"\"" https_proxy="\"\"" no_proxy="\"\""
2022-01-28T13:06:20.975-0400 [WARN] no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set
2022-01-28T13:06:20.999-0400 [INFO] core: Initializing VersionTimestamps for core
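The startup banner above already states what a first security review needs: whether TLS is on, which address the listener binds to, whether mlock is enabled, and whether api_addr was set. The script below is an added example, not part of the original article or of Vault; the helper name audit_vault_banner and the wording of its findings are assumptions made here.

```shell
#!/usr/bin/env bash
# Added example (not from the article or HashiCorp): review the startup banner
# printed by `vault server` for settings that matter for security.
# audit_vault_banner is a hypothetical helper name.

audit_vault_banner() {
    # Reads banner/log text on stdin and prints one finding per line.
    # Returns 1 if any WARN or FAIL finding was produced, 0 otherwise.
    findings=$(awk '
        /Listener [0-9]+:/ {
            if ($0 ~ /tls: "disabled"/)
                print "FAIL listener has TLS disabled: tokens and secrets travel in cleartext"
            if ($0 ~ /[(]addr: "0\.0\.0\.0:/)
                print "WARN listener bound to all interfaces: limit reachability with a firewall or a specific address"
        }
        /Mlock:/ && /enabled: false/ {
            print "WARN mlock disabled: memory holding secrets may be swapped to disk"
        }
        /Recovery Mode: true/ {
            print "FAIL server is running in recovery mode"
        }
        /Storage: file/ {
            print "INFO file storage: single node only, protect and back up the data directory"
        }
        /no .api_addr. value specified/ {
            print "WARN api_addr not set: set it in the config file or VAULT_API_ADDR"
        }
    ')
    [ -n "$findings" ] && printf '%s\n' "$findings"
    ! printf '%s\n' "$findings" | grep -Eq '^(WARN|FAIL)'
}

# Sample input: banner lines copied from the output shown above.
SAMPLE_BANNER='Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "enabled")
Mlock: supported: true, enabled: true
Recovery Mode: false
Storage: file
2022-01-28T13:06:20.975-0400 [WARN] no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set'

printf '%s\n' "$SAMPLE_BANNER" | audit_vault_banner || echo "review the findings above"
```

Once Vault runs as a systemd service, the same text can be read from the journal, for example `sudo journalctl -u vault --no-pager | audit_vault_banner`.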
Stop vault server
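# Press Ctrl + C, or use the command below.
# The server above was started with sudo, so the signal must be sent with sudo too;
# -x matches only processes named exactly "vault", not every command line containing the word.
sudo pkill -x vault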
Create a vault service
# Create a vault service file /etc/systemd/system/vault.service
sudo vi /etc/systemd/system/vault.service
# Paste the content below
[Unit]
Description=vault
After=syslog.target network.target
[Service]
Type=simple
User=vault
Group=vault
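# Use the absolute path to the binary (the RPM installs it at /usr/bin/vault; confirm with `command -v vault`)
ExecStart=/usr/bin/vault server -config=/etc/vault.d/vault.hcl
# No ExecStop line: systemd does not run commands through a shell, so a pipe would not work there.
# On stop, systemd sends SIGTERM to the service's main process by itself.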
[Install]
WantedBy=multi-user.target
Reload and start vault as a service
# Reload the systemd daemon
sudo systemctl daemon-reload
# Start vault
sudo systemctl start vault
# Verify vault status
sudo systemctl status vault.service
# Enable the Vault service at boot
sudo systemctl enable vault.service
Vault is now installed and running as a service in the background. Follow the official Vault documentation to initialize Vault.
Reference:
- https://learn.hashicorp.com/tutorials/vault/getting-started-deploy?in=vault/getting-started