Configure Vault on Amazon EC2 Instance

How To Setup Vault on AWS EC2 Instance

Hashicorp Vault is one of the best open source software to manage secrets. All secrets in the vault will be encrypted.

Hashicorp Vault Use Cases

Vault has many use cases when it comes to enterprise implementation. For small scale setup, the vault use cases normally come down to the following.

  1. Application Secrets management
  2. SSH keys management
  3. Data Encryption

Hashicorp Vault Setup on Amazon Ec2

In this tutorial, you will learn how to set up a Hashicorp vault server on an Amazon ec2 Linux server for secret management.

Prerequisites:

  1. A Linux ec2 instance.
  2. Access to the ec2 instance over ssh.
  3. In the Security group, port 8200 open to access vault UI, API, and SSH access.

Note: This tutorial is for single node vault setup with minimal configuration.

Step 1: Head over to vault downloads page, get the latest vault setup for Linux amd64.

Step 2: Download the vault binary to /opt location.

Step 3: Unzip the vault executable.

Step 4: Move the vault executable to /usr/bin directory.

Step 5: Create a user named vault to run as a service.

Configure Vault as a System Service

Step 1: Create a vault systemd service file.

Step 2: Copy the below configuration to the service file.

Step 3: Create the vault configuration, data & logs directory. Also change the ownership of vault directory to vault user.

Step 4: Create a vault.hcl file which holds all the vault configuration.

Step 5: Copy the below configuration and save the file.

Step 6: Enable, start and check the status of vault service.

Step 7: Access the vault UI using the public IP /Private IP on port 8200 as shown below.

When you access the vault UI, by default it will be sealed as shown below.

Step 8: Initialise vault using initialise button with 3 key shares.

Step 9: Download the keys using the “Download Keys” button and click “continue to unseal” button.

Note: The key files is very important and you should keep it safe. For any reason if you restart the server or vault service, vault get locked. You will need these keys to unlock it.

Step 10: Enter three keys one by one from the downloaded key file to unseal vault.

Step 11: Once unsealed, login to vault with the root_token from the downloaded key file.

Thats it! You will be logging in to vault server with all default settings.

Hope this article helps with your initial vault setup on AWS ec2. For production use cases, you should have HA, SSL and other configurations enabled. Connect with me at [email protected] to such use cases.

In the next article we will look in to the following

  1. Storing and Retrieving secrets from the Vault Server
  2. Backing up vault secret data
  3. Vault Best Practices for Storing and Retrieving Secrets

Related

1.Education2.Business3. IT Industry.4 Current Situation

Read more

You can connect to the Ubuntu instance using putty or the java plugin option provided by Amazon. Best way to connect…

Read more

MANOVA is based on the product of model variance matrix as it can minimize the optimal issues facing the corporate…

Read more
About

Cloud Computing Tutorial Blog