Introduction to HashiCorp Vault
What is a Vault?
Vault is a way to store and manage secrets in a production or IT environment.
Brief Overview of Vaults
- Secrets are usually stored in vaults.
- Clients access secrets in the vault; a client can be a normal user, an application or a computer object.
- API clients access secrets through the API.
- Authentication methods (e.g. LDAP or Active Directory) are used to grant designated clients access to the secrets they need.
- Policy: after authentication each client receives a token; the policy attached to that token determines what the client can do in the vault.
- Audit: to keep a record of what happens in the vault, audit devices are used.
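To make the authentication, token, policy and audit chain above concrete, here is an added example written for this post (not Vault's own code) that models it in Python. Policy names, token ids, secret paths and the audit HMAC key are constructed sample values, and the matcher implements only a small subset of Vault's policy language: literal paths, a `+` single-segment wildcard, a trailing `*` glob, `deny` overriding every other capability, and the most specific matching path winning.

```python
"""Simplified model of Vault's token -> policy -> path-capability decision.

Added illustration, not Vault's code. Real Vault policies, matching rules
and audit records are richer than this subset.
"""
import hashlib
import hmac

# Constructed sample policies: policy name -> {path rule: capabilities}.
POLICIES = {
    "default": {
        "auth/token/lookup-self": {"read"},
        "sys/capabilities-self": {"update"},
    },
    "app-reader": {
        "secret/data/app/*": {"read", "list"},   # glob: anything under app/
        "secret/data/app/prod-db": {"deny"},     # exact deny beats the glob
    },
    "ops-admin": {
        "secret/data/+/config": {"read", "update"},  # '+' = exactly one segment
        "sys/audit": {"sudo", "read"},
    },
}

# Constructed token store: token id -> policies attached when the client
# authenticated (e.g. via an LDAP or Active Directory auth method).
TOKENS = {
    "s.constructedAppToken": ["default", "app-reader"],
    "s.constructedOpsToken": ["default", "ops-admin"],
}

# Constructed key standing in for the salt Vault's audit devices use so that
# token ids appear in audit records only as HMACs, never in clear text.
AUDIT_HMAC_KEY = b"constructed-audit-salt"
AUDIT_LOG = []


def merge_policies(policy_names):
    """Union capabilities per path across all attached policies (deny sticks)."""
    merged = {}
    for name in policy_names:
        for path, caps in POLICIES[name].items():
            merged.setdefault(path, set()).update(caps)
    return merged


def path_matches(rule_path, request_path):
    """Literal segments, '+' for exactly one segment, trailing '*' as prefix glob."""
    rule_segs = rule_path.split("/")
    req_segs = request_path.split("/")
    for i, rseg in enumerate(rule_segs):
        last = i == len(rule_segs) - 1
        if last and rseg.endswith("*"):
            # Glob: the request must reach this segment and share its literal prefix.
            return len(req_segs) > i and req_segs[i].startswith(rseg[:-1])
        if i >= len(req_segs):
            return False
        if rseg != "+" and rseg != req_segs[i]:
            return False
    return len(rule_segs) == len(req_segs)


def specificity(rule_path):
    """Exact rules beat wildcard rules; longer literal text beats shorter."""
    segs = rule_path.split("/")
    wildcard = any(s == "+" or s.endswith("*") for s in segs)
    literal = sum(len(s.rstrip("*")) for s in segs if s != "+")
    return (0 if wildcard else 1, literal)


def check_access(token, operation, request_path):
    """Decide one request and append an audit record; default is deny."""
    policies = TOKENS.get(token)
    allowed, matched = False, None
    if policies is not None:
        acl = merge_policies(policies)
        candidates = [p for p in acl if path_matches(p, request_path)]
        if candidates:
            matched = max(candidates, key=specificity)
            caps = acl[matched]
            allowed = "deny" not in caps and operation in caps
    AUDIT_LOG.append({
        "token_hmac": hmac.new(AUDIT_HMAC_KEY, token.encode(), hashlib.sha256).hexdigest()[:16],
        "operation": operation,
        "path": request_path,
        "matched_rule": matched,
        "allowed": allowed,
    })
    return allowed


if __name__ == "__main__":
    check_access("s.constructedAppToken", "read", "secret/data/app/web-api")   # allowed
    check_access("s.constructedAppToken", "read", "secret/data/app/prod-db")   # denied
    check_access("s.constructedOpsToken", "update", "secret/data/billing/config")  # allowed
    for record in AUDIT_LOG:
        print(record)
```

Two details carry over to real deployments: the default outcome is deny, so a token with no matching rule gets nothing, and the audit record never contains the raw token, only its HMAC, so an exfiltrated audit log does not hand out credentials.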
Why Vault
Vault excels at storing and managing secrets, so it is best used as a secrets management tool.
Protecting data is best achieved with encryption, which involves certificates and encryption keys; Vault can be used to store both certificates and encryption keys.
Public Cloud Hosted Services
- Azure Key Vault
- AWS Key Management Service
Getting Started with Vault in Linux
It is quite an easy tool to get started with; simply:
- Download Vault from https://releases.hashicorp.com/ for your control machine's distribution. This post is specifically for Linux distros.
- Extract it to /usr/local/bin, which avoids having to add a PATH entry in your profile:
sudo wget https://releases.hashicorp.com/vault/1.1.2/vault_1.1.2_linux_amd64.zip -O /tmp/vault.zip
sudo unzip /tmp/vault.zip -d /usr/local/bin
vault --version
Vault v1.1.2 ('00xxxxxxxxxxx')
Enable auto-complete:
vault -autocomplete-install
exec bash
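The one step in the procedure above worth tightening is unzipping a downloaded archive straight into /usr/local/bin without checking it against the release's published checksum. HashiCorp publishes a vault_<version>_SHA256SUMS file beside each release zip; the following Python snippet, added here as an example and not HashiCorp's own tooling, fetches that list and writes the archive to /tmp/vault.zip only when its SHA-256 matches the entry for its file name. The helper and constant names are mine, and the checksum list is parsed in the standard sha256sum layout ("<hex>  <filename>").

```python
"""Verify a HashiCorp release archive against its published SHA256SUMS
before extracting it into /usr/local/bin.

Added illustration for this post, not HashiCorp's tooling. The sample
hashes used to exercise it are constructed.
"""
import hashlib
import hmac
import urllib.request

RELEASES = "https://releases.hashicorp.com"


def release_urls(product, version, platform="linux_amd64"):
    """URLs of the zip and its checksum list, following the releases site layout."""
    base = f"{RELEASES}/{product}/{version}/{product}_{version}"
    return f"{base}_{platform}.zip", f"{base}_SHA256SUMS"


def parse_sha256sums(text):
    """Parse sha256sum-style lines ('<hex>  <filename>') into {filename: hex}."""
    sums = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or len(parts[0]) != 64:
            continue  # skip blank or malformed lines rather than trust them
        sums[parts[1].lstrip("*")] = parts[0].lower()  # '*' marks binary mode
    return sums


def verify_archive(archive_bytes, sums_text, archive_name):
    """True only if the archive's SHA-256 equals the published entry for its name."""
    expected = parse_sha256sums(sums_text).get(archive_name)
    if expected is None:
        return False  # no entry for this file: refuse rather than guess
    actual = hashlib.sha256(archive_bytes).hexdigest()
    return hmac.compare_digest(actual, expected)


def fetch(url):
    """Download a URL in full; only used when the script is run directly."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.read()


if __name__ == "__main__":
    zip_url, sums_url = release_urls("vault", "1.1.2")
    archive_name = zip_url.rsplit("/", 1)[1]
    archive = fetch(zip_url)
    sums = fetch(sums_url).decode()
    if not verify_archive(archive, sums, archive_name):
        raise SystemExit(f"checksum mismatch for {archive_name}; do not install")
    with open("/tmp/vault.zip", "wb") as fh:
        fh.write(archive)
    print("checksum OK; now run: sudo unzip /tmp/vault.zip -d /usr/local/bin")
```

Run it before the unzip step; on a mismatch it exits without writing /tmp/vault.zip. The SHA256SUMS file itself is also published with a detached GPG signature (the .sig file next to it), and checking that signature against HashiCorp's release key closes the remaining gap of a tampered checksum list.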