It is not always possible to remember every secret key, passphrase, and token, and managing and maintaining secrets can be a challenging task. We need somewhere to store such secrets so that they are available when needed. HashiCorp Vault is a solution for storing secrets: it protects the secrets stored in it and keeps them secure. In this article, we will learn how to install HashiCorp Vault on Ubuntu 20.04.
Prerequisites
- Freshly installed Ubuntu system
- User account with root privileges
- Internet connection to download packages
Update the server
Before starting the setup, make sure that your Ubuntu server is up to date. Run the following command to update and upgrade the installed packages.
$ sudo apt-get update && sudo apt-get upgrade -y
Download the latest version of Vault
The latest version of Vault is available on the HashiCorp Vault download page. Go to https://www.vaultproject.io/downloads and look for “Latest Downloads” at the bottom of the page. Find the download package for Linux and copy the download link.
Once the link is copied, the application can be downloaded using the wget command.
$ wget https://releases.hashicorp.com/vault/1.8.2/vault_1.8.2_linux_amd64.zip
Extract the file
Once the download is complete, extract the archive and move the vault binary to the /usr/bin directory.
$ unzip vault_1.8.2_linux_amd64.zip
$ sudo mv vault /usr/bin
You can now run the vault command, which displays the common Vault commands.
$ vault
Create a vault configuration file
Create directories to store the Vault data and configuration files. In this article, we will store configuration files under the directory /etc/vault and Vault data under the directory /var/lib/vault/data.
$ sudo mkdir /etc/vault
$ sudo mkdir -p /var/lib/vault/data
Now create a HashiCorp Vault configuration file in the /etc/vault directory.
$ sudo vi /etc/vault/config.hcl
Paste the following contents and save.
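disable_cache = true
# mlock is off, so Vault's memory can be swapped to disk
disable_mlock = true
ui = true
listener "tcp" {
  # Listens on every interface, without TLS: use only on a trusted network
  address = "0.0.0.0:8200"
  tls_disable = 1
}
storage "file" {
  path = "/var/lib/vault/data"
}
api_addr = "http://0.0.0.0:8200"
max_lease_ttl = "8h"
default_lease_ttl = "8h"
cluster_name = "vault"
# Enables the highly privileged sys/raw endpoint
raw_storage_endpoint = true
disable_sealwrap = true
disable_printable_check = true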
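The configuration above turns off TLS and memory locking, binds the listener to every interface, and enables the sys/raw endpoint. The script below is an added example, not part of the original article or of Vault itself: the function name audit_vault_config and its messages are assumptions for illustration, and it flags those settings in a config file whether the file is laid out on one line or many.

```shell
#!/bin/sh
# Added example: flag risky settings in a Vault server config file.
# Matching is pattern-based (not a full HCL parser); '#' comments are ignored.
audit_vault_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "ERROR cannot read $cfg"; return 2; }
    body=$(sed 's/#.*$//' "$cfg")   # drop comments so disabled lines are skipped
    findings=0
    s='[[:space:]]*'                # optional whitespace around '='
    on='"?(1|true)"?'               # truthy values, quoted or not

    # check NAME REGEX MESSAGE: report MESSAGE once if REGEX matches the config
    check() {
        if printf '%s\n' "$body" | grep -Eq "$2"; then
            echo "WARN $1: $3"
            findings=$((findings + 1))
        fi
    }
    check tls_disable "tls_disable${s}=${s}${on}" \
        "listener speaks plain HTTP; tokens and secrets cross the network unencrypted"
    check bind_all "address${s}=${s}\"0\.0\.0\.0:" \
        "listener is bound to every interface; bind a specific address or firewall the port"
    check raw_storage "raw_storage_endpoint${s}=${s}${on}" \
        "sys/raw is enabled, giving privileged tokens raw storage reads and writes"
    check disable_mlock "disable_mlock${s}=${s}${on}" \
        "memory is not locked, so secrets held in RAM can be written to swap"

    echo "SUMMARY $findings finding(s) in $cfg"
    [ "$findings" -eq 0 ]           # exit status 0 only when nothing was flagged
}

# Stand-alone run: audit $1, or a constructed sample mirroring this page's config.
if [ $# -gt 0 ]; then
    audit_vault_config "$1"
else
    sample=$(mktemp)
    printf '%s\n' 'disable_mlock = true' 'listener "tcp" {' \
        '  address = "0.0.0.0:8200"' '  tls_disable = 1' '}' \
        'raw_storage_endpoint = true' > "$sample"
    audit_vault_config "$sample" || true
    rm -f "$sample"
fi
```

Run it as `sh audit.sh /etc/vault/config.hcl` (the script file name is an assumption); a non-zero exit status means at least one setting was flagged.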
Configure Vault to run as a service
We need to create a systemd service file to run Vault as a service. Create the service file in the directory /etc/systemd/system/ with the following contents.
$ sudo vi /etc/systemd/system/vault.service
[Unit]
Description="HashiCorp Vault - A tool for managing secrets"
Documentation=https://www.vaultproject.io/docs/
Requires=network-online.target
After=network-online.target
ConditionFileNotEmpty=/etc/vault/config.hcl

[Service]
ProtectSystem=full
ProtectHome=read-only
PrivateTmp=yes
PrivateDevices=yes
SecureBits=keep-caps
AmbientCapabilities=CAP_IPC_LOCK
NoNewPrivileges=yes
ExecStart=/usr/bin/vault server -config=/etc/vault/config.hcl
ExecReload=/bin/kill --signal HUP $MAINPID
KillMode=process
KillSignal=SIGINT
Restart=on-failure
RestartSec=5
TimeoutStopSec=30
StartLimitBurst=3
LimitNOFILE=6553

[Install]
WantedBy=multi-user.target
Save the file and exit.
Enable and start the vault service
Run the following commands to start and enable the vault service.
$ sudo systemctl daemon-reload
$ sudo systemctl start vault
$ sudo systemctl enable vault
To check the vault service status, run the following command.
$ sudo systemctl status vault
Access vault UI using browser
We have installed and configured the vault. Now you can access vault UI using the following URL.
You can initialize and use the vault as your password manager.
Conclusion
In this article, we learned how to install and configure HashiCorp Vault on an Ubuntu system to store secret tokens, passwords, and certificates.