Secrets

Vault on OpenBSD

OpenBSD, Secrets, Security, Vault

how to Install and run Hashicorp Vault on OpenBSD

in addition to [https://blog.stoege.net/categories/vault/](this Blog Entry), here some instructions for OpenBSD.

Requirements

  • VM with OpenBSD 7.2 (or older …) and root/doas permission
  • Domain, or at least a FQDN Name pointing to your VM
  • HTTP/HTTPS allowed from Internet (for Certificate Generation)
  • Nginx installed (pkg_add nginx)

Source

https://developer.hashicorp.com/vault/docs/get-started/developer-qs

Install Vault

all the Steps must be run as root (or with doas)

pkg_add vault

Vault Config

Backup the prev. Config before …

Hashicorp - Vault

Docker, Secrets, Security, Vault

some Hands’on with Hashicorp Vault

Source

https://developer.hashicorp.com/vault/docs/get-started/developer-qs

Install on macos

brew tap hashicorp/tap
brew install hashicorp/tap/vault

Run on Docker

in Background, you have to kill it later

docker run -d -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=dev-only-token' vault

Unseal Key: 2KTIMp0Md52V2xTb0txxxxxxxxxxxxxxxxxxxxxxxxx=
Root Token: dev-only-token

this is a dev instance only and has no persistent data. don’t worry.

Open Browser

  • http://localhost:8200 -> root token

Export in Terminal

export VAULT_ADDR='http://0.0.0.0:8200'
export VAULT_TOKEN="dev-only-token"

Set Key

curl  --header "X-Vault-Token: $VAULT_TOKEN" \
      --header "Content-Type: application/json" \
      --request POST \
      --data '{"data": {"password": "Hashi123"}}' \
      -s http://127.0.0.1:8200/v1/secret/data/my-secret-password

-> Data get’s written to Store …