Vault – Beginners Guide (Go)

If you haven’t used Hashicorp Vault till today, this post is for you.

So here are our tasks for this post:

  • Setup Vault Server
  • Add SSH keys to it
  • Get key from the vault via a Go program

Note: All secrets/keys generated during this setup are for demo only.

Vault Server Setup:
[[email protected] ~]# mkdir -p /opt/hashicorp/vault
[[email protected] ~]# cd /opt/hashicorp/vault/
[[email protected] vault]# wget https://releases.hashicorp.com/vault/0.6.5/vault_0.6.5_linux_amd64.zip
[[email protected] vault]# unzip vault_0.6.5_linux_amd64.zip

Download the sample config from and store it as config in current directory: https://www.vaultproject.io/docs/config/

In the config you can use several backend modes and they are all listed on the above page in detail for this setup we will use the file backend with no HA. This means that all the data will be stored on the file system in a directory structure.

So my config looks like this:

Now lets start the server and send it to background:

Initialize the vault, please note that if you are not using tls you will need to export the environment variable with http before using the vault binary as the client:

export VAULT_ADDR=http://127.0.0.1:8200

Unseal the vault and authenticate, by using the keys that were generated for you:

Add SSH Key to Vault:

Once the server is unsealed, we can add our secrets to it, Lets generate an SSH key and save it in the vault for later:

Retrieve the Key in a Program/Script
You can use Go Hashicorp api package to connect to vault:

Output of the program:

This was demonstration of basic vault server setup and client authentication. There are many more different aspects to it. For further information please refer to vault documentation https://www.vaultproject.io/docs/concepts/index.html

Leave a Reply

Your email address will not be published. Required fields are marked *