Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation Hashicorp Vault on an Ubuntu 18.04 Bionic Beaver server.
Install Hashicorp Vault on Ubuntu 18.04 LTS
Step 1. First, make sure that all your system packages are up-to-date
sudo apt update sudo apt upgrade
Step 2. Installing Consul.
First, go to the Consul downloads page. Right-click the link for Linux 64-bit and select ‘copy link address’ or whatever the similar option is for your browser:
wget https://releases.hashicorp.com/consul/1.3.0/consul_1.3.0_linux_amd64.zip unzip consul_1.3.0_linux_amd64.zip mv consul /usr/bin
Next, run Consul as a service so we need to configure a SystemD service for Consul:
nano /etc/systemd/system/consul.service
[Unit] Description=Consul Documentation=https://www.consul.io/ [Service] ExecStart=/usr/bin/consul agent -server -ui -data-dir=/tmp/consul -bootstrap-expect=1 -node=vault -bind=192.168.1.28 -config-dir=/etc/consul.d/ ExecReload=/bin/kill -HUP $MAINPID LimitNOFILE=65536 [Install] WantedBy=multi-user.target
Next we need to add some configuration so that we can access the Consul GUI from our network:
mkdir /etc/consul.d/
Then, create a new file /etc/consul.d/ui.json and add the following file:
nano /etc/consul.d/ui.json
{
"addresses": {
"http": "0.0.0.0"
}
}
Now we are ready to start the Consul Service:
systemctl daemon-reload systemctl start consul systemctl enable consul
Verify that our Consul Service:
root@ramona:~# consul members Node Address Status Type Build Protocol DC Segment vault 192.168.1.28:8301 alive server 1.3.0 2 dc1 <all>
Step 3. Installing Vault on Ubuntu 18.04.
First, go to the Vault Downloads page and copy the URL just like we did for Consul:
wget https://releases.hashicorp.com/vault/0.11.4/vault_0.11.4_linux_amd64.zip unzip vault_0.11.4_linux_amd64.zip mv vault /usr/bin
Next, Create a configuration directory /etc/vault:
mkdir /etc/vault
Then, Create a new file /etc/vault/config.hcl with the following contents:
storage "consul" {
address = "127.0.0.1:8500"
path = "vault/"
}
listener "tcp" {
address = "192.168.1.28:8200"
tls_disable = 1
}
ui = true
Now we need to create the SystemD Service for vault:
nano /etc/systemd/system/vault.service
[Unit] Description=Vault Documentation=https://www.vault.io/ [Service] ExecStart=/usr/bin/vault server -config=/etc/vault/config.hcl ExecReload=/bin/kill -HUP $MAINPID LimitNOFILE=65536 [Install] WantedBy=multi-user.target
Next, we need to start the Vault Service:
systemctl daemon-reload systemctl start vault systemctl enable vault
To enable the CLI to connect to our Vault service run this command:
export VAULT_ADDR=http://192.168.1.28:8200
After Vault starts we need to initialize it. This only has to be done once or when you change storage backends for some reason:
vault operator init
Congratulation’s! You have successfully installed Vault. Thanks for using this tutorial for installing Hashicorp Vault in Ubuntu 18.04 LTS system. For additional help or useful information, we recommend you to check the official Vault web site.