Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing.
In our case, we store all agent (tool) related secrets, such as usernames, passwords, and access tokens, in Vault and make sure they are not persisted anywhere other than Vault.
Infrastructure of Vault in Insights:
Installation of Vault:
- Vault is distributed as a binary package for all supported platforms and architectures which can be downloaded from https://www.vaultproject.io/downloads.html
- Vault runs as a single binary named vault.
- Unzip the downloaded folder and add it to PATH.
  - Linux:
    - ln -s <vault-binary-file-path> /usr/bin/vault
    - ln -s <vault-binary-file-path> /usr/local/bin/vault
  - Windows:
    - Add to Environment Variable PATH.
- Restart the command prompt and verify the installation by running the command vault.
Configuring Vault:
- Reference - https://www.vaultproject.io/docs/configuration/
- To run Vault in production mode, we need to customize Vault with a configuration file written in the HashiCorp Configuration Language (HCL).
- Below is the minimal Insights production config file, with the .hcl extension, that brings Vault up in prod mode. More settings can be added as needed from the reference linked above.
# Enables the Vault UI
ui = true

backend "file" {
  # Stores all secrets as files under this path
  path = "vault-prod"
}

# Non-loopback interface
listener "tcp" {
  # Vault listens on this IP and port
  address     = "10.224.90.35:3000"
  # TLS is disabled on this listener, so requests and responses
  # (including tokens and secrets) travel as unencrypted HTTP
  tls_disable = 1
}

# Advertise the non-loopback interface
api_addr     = "http://10.224.90.35:3000"
cluster_addr = "http://10.224.90.35:3001"
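A TLS-enabled variant of the config above, as an added example that is not part of the original Insights configuration. The certificate and key paths are placeholders (assumptions) to be replaced with files issued for this host.

```hcl
# Same settings as the page's config, with TLS turned on for the listener.
ui = true

backend "file" {
  path = "vault-prod"
}

listener "tcp" {
  address = "10.224.90.35:3000"

  # Placeholder paths (assumptions, not from the original page).
  # The certificate must be valid for 10.224.90.35 (IP SAN) so that
  # clients can verify the server they are sending secrets to.
  tls_cert_file = "/path/to/vault-cert.pem"
  tls_key_file  = "/path/to/vault-key.pem"

  # Refuse protocol versions older than TLS 1.2.
  tls_min_version = "tls12"

  # tls_disable is left out, so TLS stays enabled (the default).
}

# Advertised addresses switch to https to match the listener.
api_addr     = "https://10.224.90.35:3000"
cluster_addr = "https://10.224.90.35:3001"
```

With this variant, clients point VAULT_ADDR at the https address and, for a certificate from a private CA, set VAULT_CACERT to the CA file.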
Starting Vault: