Versions Compared

Version Old Version 11 New Version 12
Changes made by

Vijay (Unlicensed)

Vijay (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
top1
top1


Tip

­­Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. 

In Our case we will be storing all the agent(tools) related secrets like username, password, accesstoken etc to vault and make sure it is not persisted anywhere other than vault.


Panel

Table of Contents


Infrastructure of Vault in Insights:

  • Insights Infrastructure is up and running in below instance .
    • http://10.224.90.35:3000/

Installation of Vault:

  • Vault is distributed as a binary package for all supported platforms and architectures which can be downloaded from https://www.vaultproject.io/downloads.html
  • Vault runs as a single binary named vault
  • Unzip the downloaded folder and add it to PATH.
    • Linux -
      • ln -s <vault-binary-file-path> /usr/bin/vault
      • ln -s <vault-binary-file-path> /usr/local/bin/vault
    • Windows
      • Add to Environment Variable PATH.
  • Restart the command prompt and verify it by giving the command vault.


Configuring Vault:

  • Reference - https://www.vaultproject.io/docs/configuration/
  • In order to run Vault in prodution mode we need to customize vault using hashicorp language.
  • Below is the Insights Production minimal config file with .hcl extension that helps to bring vault in prod mode. We can add more configs based on the needs from the above referenced link.

    • ui = true                   -  Enables vault UI

      backend "file" {
      path = "vault-prod"  - stores all secrets as a file.
      }

      #non-loopback interface
      listener "tcp" {
      address = "10.224.90.35:3000" - starts the vault in the below ip and port 
      tls_disable = 1
      }

      # Advertise the non-loopback interface
      api_addr = "http://10.224.90.35:3000"
      cluster_addr="http://10.224.90.35:3001"

View file
nameconfig-prod.hcl
height250

Starting Vault:

  • Vault can be started in 2 modes
    1. Development mode 
      1. This is useful for local development and all secrets are stored locally.
      2. command Command -

                                                vault server -dev 

                          c c. Starts the local vault in port 8200 . we can change the ip and port through the command -  

                                                vault server -dev -dev-listen-address=10.224.90.35:3000 -config=config.hcl

                          d d. check Check the status of vault with the command 

                                                vault status

                2.Production mode

                          a. Command - 

                        nohup vault server -config=config-prod.hcl > vault-prod.log &
             b. Initialize and unseal vault using tokens.
                        vault operator init
                        vault operator unseal - Execute unseal command until the parameter "selead" become false.
             c. Login using roottoken via command prompt
                        vault login <root-token>



Back to Top