HashiCorp Vault: Installation in Dev Mode








In the last article we were introduced to Vault. Here we will start with the installation of Vault on a CentOS 7 machine and get our hands dirty.


Log in to a CentOS 7 machine and execute the below commands:


yum install epel-release -y
yum install wget unzip -y
wget https://releases.hashicorp.com/vault/1.5.0/vault_1.5.0_linux_amd64.zip 
unzip vault_1.5.0_linux_amd64.zip
mv vault /usr/bin/
vault

If the final command, vault, runs and prints its output, Vault is successfully installed.
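
The install steps above move a downloaded binary into /usr/bin as root without checking it. As an added example (not part of the original article), this shell function checks the archive against the release's SHA256SUMS file first; the function names are hypothetical and the self-check runs on constructed files.

```shell
# verify_release ARCHIVE SUMS_FILE
# Succeeds only when SUMS_FILE holds exactly one well-formed entry for ARCHIVE's
# file name and that SHA-256 digest matches the file on disk.
verify_release() {
    archive="$1"; sums="$2"
    name="$(basename "$archive")"
    [ -r "$archive" ] && [ -r "$sums" ] || { echo "cannot read input files" >&2; return 2; }
    # Each SHA256SUMS line is "<64 hex digits>  <file name>".
    expected="$(awk -v f="$name" '
        $2 == f && length($1) == 64 && $1 ~ /^[0-9a-f]+$/ { d = $1; n++ }
        END { if (n == 1) print d }' "$sums")"
    [ -n "$expected" ] || { echo "no single valid entry for $name" >&2; return 3; }
    actual="$(sha256sum "$archive" | awk '{ print $1 }')"
    if [ "$actual" != "$expected" ]; then
        echo "CHECKSUM MISMATCH: $name" >&2
        return 1
    fi
    echo "OK: $name"
}

# Self-check on constructed files (not a real Vault release): returns 0 when
# the intact archive verifies and a modified copy is rejected with status 1.
verify_release_selfcheck() {
    dir="$(mktemp -d)" || return 1
    zip="$dir/vault_1.5.0_linux_amd64.zip"
    printf 'constructed archive bytes\n' > "$zip"
    ( cd "$dir" && sha256sum vault_1.5.0_linux_amd64.zip > vault_1.5.0_SHA256SUMS )
    ok=0;  verify_release "$zip" "$dir/vault_1.5.0_SHA256SUMS" >/dev/null  || ok=$?
    printf 'tampered\n' >> "$zip"
    bad=0; verify_release "$zip" "$dir/vault_1.5.0_SHA256SUMS" 2>/dev/null || bad=$?
    rm -rf "$dir"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 1 ]
}

# On the CentOS host, in place of the bare unzip/mv steps (the SHA256SUMS
# file name follows HashiCorp's release layout):
#   wget https://releases.hashicorp.com/vault/1.5.0/vault_1.5.0_SHA256SUMS
#   verify_release vault_1.5.0_linux_amd64.zip vault_1.5.0_SHA256SUMS \
#       && unzip vault_1.5.0_linux_amd64.zip && mv vault /usr/bin/
```

A checksum fetched from the same server only catches corruption or a swapped archive; HashiCorp also publishes a detached GPG signature for the SHA256SUMS file, and verifying that signature is what ties the checksums to the publisher.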



Initialize vault server in development mode


Vault server basically operates in two modes: dev and prod. Dev mode is good for practicing, testing and playing around with Vault, and should be enabled before moving to production so that there are no gaps and the production setup is flawless.


Note that in dev mode data is not very secure and is stored in "in-memory mode"; this means that data will be lost if we restart the Vault server.


To start Vault in dev mode, execute the below command:


[root@linuxadvise vault]# vault server -dev

Now open a second terminal window and execute the command to check the status. We will encounter the below error.


[root@linuxadvise ~]# vault status
Error checking seal status: Get "https://127.0.0.1:8200/v1/sys/seal-status": http: server gave HTTP response to HTTPS client

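As the error shows, the dev server answers over plain HTTP while the CLI tries https://127.0.0.1:8200. To get rid of this we have to export an environment variable that points the CLI at the HTTP address.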


  • Edit the file /root/.bashrc and add the below line

export VAULT_ADDR='http://127.0.0.1:8200'

  • Save and exit the file and execute

[root@linuxadvise ~]# source /root/.bashrc
[root@linuxadvise ~]# vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.5.0
Cluster Name    vault-cluster-797c94a3
Cluster ID      1dbbd3ae-6773-3b60-feef-843455d14dc6
HA Enabled      false

Our First Secret


  • Login to the vault console. We don't have any secrets as of now. Let's create one.




  • Let us create a secret named "mysecret"


  • Let's suppose the name of the entity is "credential"; we give its value (which needs to be secret) as shown below.


  • Vault lets us maintain different versions of the credentials that we store. At any time we can get details of the old passwords and also the update history. Also, a deleted version can be restored at a later point in time until it is permanently removed.


Let's try the command line


Now we will try to do the same thing using the command line.


To get any related help, execute

vault kv -h 


  • To create a secret execute below command

vault kv put secret/other-secret user=admin1
vault kv put secret/other-secret user=admin2 # will create another version
vault kv put secret/other-secret user=admin3 # will create yet another version

  • To view the contents

vault kv get secret/other-secret

  • To view a specific version

vault kv get -version=2 secret/other-secret

  • To delete a specific version

vault kv delete -versions=2 secret/other-secret

  • To un-delete a version

vault kv undelete -versions=2 secret/other-secret

  • To permanently delete a version

vault kv destroy -versions=2 secret/other-secret

  • Delete a secret permanently

vault kv metadata delete secret/other-secret

Alright, so this is how things work at a basic level with Vault. In the next article we are going to discuss the secrets engine. Keep following :-)











©2020 by Linux Advise