Hashicorp Vault | Dev and Prod server setup | Unseal | Policies | TLS setup

This page summarizes the projects mentioned and recommended in the original post on dev.to

  • Vault

    A tool for secrets management, encryption as a service, and privileged access management

    ### DEPLOY PROD MODE

    # Generate the certs
    mkdir -p /opt/vault/{tls,data}
    cd /opt/vault/tls
    openssl req -out tls.crt -new -keyout tls.key -newkey rsa:4096 -nodes -sha256 -x509 -subj "/O=HashiCorp/CN=Vault" -addext "subjectAltName = IP:,DNS:" -days 3650

    cat /etc/vault/vault.hcl
    # Full configuration options can be found at https://www.vaultproject.io/docs/configuration
    ui = true

    storage "file" {
      path = "/opt/vault/data"
    }

    # HTTPS listener
    listener "tcp" {
      address       = "0.0.0.0:8200"
      tls_cert_file = "/opt/vault/tls/tls.crt"
      tls_key_file  = "/opt/vault/tls/tls.key"
    }
    ###############################################

    chown vault: /opt/vault/tls/*
    service vault start

    # make sure DNS record is present, else TLS certificate verification
    # will fail
    export VAULT_ADDR='https://:8200'
    export VAULT_CACERT="/opt/vault/tls/tls.crt"

    # either visit https://:8200 and enter values as 5 as number of keys and 3 keys needed to unseal or regenerate keys
    # copy the root token & keys
    vault operator init

    [email protected]:/opt/vault/tls# vault status
    [email protected]:/opt/vault/tls# vault operator unseal --ca-cert=/opt/vault/tls/tls.crt

    vault login

    # Refer production hardening for more: https://learn.hashicorp.com/tutorials/vault/production-hardening
