If you haven’t used Hashicorp Vault till today, this post is for you.
So here are our tasks for this post:
- Setup Vault Server
- Add SSH keys to it
- Get key from the vault via a Go program
Note: All secrets/keys generated during this setup are for demo only.
Vault Server Setup:
[[email protected] ~]# mkdir -p /opt/hashicorp/vault
[[email protected] ~]# cd /opt/hashicorp/vault/
[[email protected] vault]# wget https://releases.hashicorp.com/vault/0.6.5/vault_0.6.5_linux_amd64.zip
[[email protected] vault]# unzip vault_0.6.5_linux_amd64.zip
Download the sample config from and store it as config in current directory: https://www.vaultproject.io/docs/config/
In the config you can use several backend modes and they are all listed on the above page in detail for this setup we will use the file backend with no HA. This means that all the data will be stored on the file system in a directory structure.
Now lets start the server and send it to background:
Initialize the vault, please note that if you are not using tls you will need to export the environment variable with http before using the vault binary as the client:
Unseal the vault and authenticate, by using the keys that were generated for you:
Add SSH Key to Vault:
Once the server is unsealed, we can add our secrets to it, Lets generate an SSH key and save it in the vault for later:
This was demonstration of basic vault server setup and client authentication. There are many more different aspects to it. For further information please refer to vault documentation https://www.vaultproject.io/docs/concepts/index.html