{"id":21650,"date":"2023-01-19T17:12:12","date_gmt":"2023-01-19T16:12:12","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=21650"},"modified":"2025-01-24T10:42:51","modified_gmt":"2025-01-24T09:42:51","slug":"hashicorp-vault-install-and-quick-first-configuration","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/hashicorp-vault-install-and-quick-first-configuration\/","title":{"rendered":"Hashicorp Vault. Install and quick first configuration"},"content":{"rendered":"\n

by Alexandre Nestor<\/p>\n\n\n\n

Introduction<\/h2>\n\n\n\n

Keeping and using passwords in scripts is often an overlooked task, at least in the initial stages of development.
This behavior poses serious security problems, and quite often, especially in scripts, one can find plaintext passwords.
If the project uses Git, then the versions of git that contain the passwords are visible in the project history.
The use of a vault should be implemented in the first phase of every project.<\/p>\n\n\n\n

This post describes how to install and use the HashiCorp Vault, in a Podman container.<\/p>\n\n\n\n

Official container vault image:<\/h4>\n\n\n\n

https:\/\/github.com\/hashicorp\/docker-vault<\/a>
https:\/\/hub.docker.com\/_\/vault<\/a><\/p>\n\n\n\n

<\/h4>\n\n\n\n

Installation <\/h2>\n\n\n\n

Install Podman<\/a><\/h4>\n\n\n\n

As these tests are made on a brand new cloud Ubuntu vm, let’s start from the beginning by :<\/p>\n\n\n\n

Installing podman<\/code>.<\/h4>\n\n\n
\nroot@blog-vault:~# apt-get install podman\n....\n<\/pre><\/div>\n\n\n
Create a vault<\/code> user.<\/h4>\n\n\n
\nroot@blog-vault:~# useradd vault --home \/home\/vault --create-home --shell \/bin\/bash\nroot@blog-vault:~# sudo su - vault\nvault@blog-vault:~$\n\nroot@blog-vault:~# id vault\nuid=1002(vault) gid=1002(vault) groups=1002(vault)\n\nroot@blog-vault:~# loginctl enable-linger 1002\n<\/pre><\/div>\n\n\n
Get the podman<\/code> vault container:<\/h4>\n\n\n
\nubuntu@blog-vault:~$ podman login registry.connect.redhat.com\nUsername: your_username\nPassword: ********\nLogin Succeeded!\n\nvault@blog-vault:~$ podman pull registry.connect.redhat.com\/hashicorp\/vault:1.12.1-ubi\nTrying to pull registry.connect.redhat.com\/hashicorp\/vault:1.12.1-ubi...\nGetting image source signatures\nCopying blob 4a6625bea753 done\nCopying blob 7c43afe89fe5 done\nCopying blob 66304ec43437 done\nCopying blob 35f159681384 done\nCopying blob baed4ec80d13 done\nCopying blob c4a8cf07892e done\nCopying blob 7ea744a06738 done\nCopying config 11bd373e3f done\nWriting manifest to image destination\nStoring signatures\n11bd373e3fd8c82d9e86c5143572ca79c90962ccc72cb15fab4449790bcdbd35\n\nvault@blog-vault:~$ podman images\nREPOSITORY                                   TAG         IMAGE ID      CREATED       SIZE\nregistry.connect.redhat.com\/hashicorp\/vault  1.12.1-ubi  11bd373e3fd8  2 months ago  350 MB\n<\/pre><\/div>\n\n\n
Create the directories for the vault container external storage.<\/h4>\n\n\n
\nvault@blog-vault:~$  mkdir -p $HOME\/vault\/logs\nvault@blog-vault:~$  mkdir -p $HOME\/vault\/file\nvault@blog-vault:~$  mkdir -p $HOME\/vault\/config\n<\/pre><\/div>\n\n\n
Create the vault configuration file.<\/h4>\n\n\n
\nvault@blog-vault:~$  cat vault\/config\/local.json\n{\n  "storage": {\n    "file": {\n      "path": "\/vault\/file"\n    }\n  },\n  "listener": [\n    {\n      "tcp": {\n        "address": "0.0.0.0:8200",\n        "tls_disable": true\n      }\n    }\n  ],\n  "default_lease_ttl": "168h",\n  "max_lease_ttl": "720h",\n  "ui": true\n}\n<\/pre><\/div>\n\n\n
Start the vault podman<\/code> container<\/h4>\n\n\n
\nvault@blog-vault:~$ podman run --cap-add=IPC_LOCK \\\n-v $HOME\/vault\/logs:\/vault\/logs \\\n-v $HOME\/vault\/config:\/vault\/config \\\n-v $HOME\/vault\/file:\/vault\/file  \\\n-e 'SKIP_CHOWN=true' \\\n-e 'SKIP_SETCAP=true' \\\n-p 8200:8200 vault server\n\n==> Vault server configuration:\n\n                     Cgo: disabled\n              Go Version: go1.19.2\n              Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")\n               Log Level: info\n                   Mlock: supported: true, enabled: true\n           Recovery Mode: false\n                 Storage: file\n                 Version: Vault v1.12.1, built 2022-10-27T12:32:05Z\n             Version Sha: e34f8a14fb7a88af4640b09f3ddbb5646b946d9c\n\n==> Vault server started! Log data will stream in below:\n\n2023-01-10T09:22:18.628Z [INFO]  proxy environment: http_proxy="" https_proxy="" no_proxy=""\n2023-01-10T09:22:18.628Z [WARN]  no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set\n2023-01-10T09:22:18.651Z [INFO]  core: Initializing version history cache for core\n<\/pre><\/div>\n\n\n
Configure the vault<\/h2>\n\n\n\n
First init of the vault<\/h4>\n\n\n\n
Let’s init the vault and save the root_token<\/code> in an env variable for easy use. <\/p>\n\n\n\n
Save whole JSON output in a init_vault.json<\/code> file.<\/p>\n\n\n
\nvault@blog-vault:~$  curl -s --request POST --data '{"secret_shares": 1, "secret_threshold": 1}' http:\/\/127.0.0.1:8200\/v1\/sys\/init | jq .\n\n{\n  "keys": [\n    "cc86645102f32c100ddb5239dd231457e4944d55139cc63d9e6eb73b23244f59"\n  ],\n  "keys_base64": [\n    "zIZkUQLzLBAN21I53SMUV+SUTVUTnMY9nm63OyMkT1k="\n  ],\n  "root_token": "hvs.lkg7mE8OSF35JjR5va4Q6vwE"\n}\n\nvault@blog-vault:~$  export VAULT_ROOT_TOKEN="hvs.lkg7mE8OSF35JjR5va4Q6vwE"\nvault@blog-vault:~$  export VAULT_UNSEAL_TOKEN="zIZkUQLzLBAN21I53SMUV+SUTVUTnMY9nm63OyMkT1k="\n<\/pre><\/div>\n\n\n
Unseal the vault using the VAULT_UNSEAL_TOKEN<\/code>  saved variable.<\/h4>\n\n\n
\nvault@blog-vault:~$ curl -s --request POST --data '{"key": "'"$VAULT_UNSEAL_TOKEN"'}' http:\/\/127.0.0.1:8200\/v1\/sys\/unseal | jq .\n{\n"type": "shamir",\n"initialized": true,\n"sealed": false,\n"t": 1,\n"n": 1,\n"progress": 0,\n"nonce": "",\n"version": "1.12.1",\n"build_date": "2022-10-27T12:32:05Z",\n"migration": false,\n"cluster_name": "vault-cluster-fa1e0851",\n"cluster_id": "2dbcd016-63e7-82ac-e684-847d6584a508",\n"recovery_seal": false,\n"storage_type": "file"\n}\n<\/pre><\/div>\n\n\n
Check the initialisation status:<\/h4>\n\n\n
\nvault@blog-vault:~$ curl -s http:\/\/127.0.0.1:8200\/v1\/sys\/init | jq .\n{\n   "initialized": true\n}\n<\/pre><\/div>\n\n\n
Enable the AppRole<\/code> auth method.<\/h4>\n\n\n\n
More on this AppRole<\/code> authentification method: https:\/\/developer.hashicorp.com\/vault\/docs\/auth\/approle<\/a><\/p>\n\n\n
\nvault@blog-vault:~$ curl -s \\\n--header "X-Vault-Token: $VAULT_ROOT_TOKEN" \\\n--request POST \\\n--data '{"type": "approle"}' \\\nhttp:\/\/127.0.0.1:8200\/v1\/sys\/auth\/approle\n<\/pre><\/div>\n\n\n
 Get the AppRole<\/code> information<\/h4>\n\n\n
\nvault@blog-vault:~$ curl -s \\\n--header "X-Vault-Token: $VAULT_ROOT_TOKEN" \\\n--request GET \\\nhttp:\/\/127.0.0.1:8200\/v1\/sys\/auth\/approle | jq .\n\n{\n    "options": {},\n    "plugin_version": "",\n    "running_plugin_version": "v1.12.1+builtin.vault",\n    "running_sha256": "",\n    "type": "approle",\n    "description": "",\n    "external_entropy_access": false,\n    "uuid": "f8c3835f-f6d0-cfab-34a0-6337aa3267a5",\n    "deprecation_status": "supported",\n    "config": {\n        "default_lease_ttl": 0,\n        "force_no_cache": false,\n        "max_lease_ttl": 0,\n        "token_type": "default-service"\n    },\n    "accessor": "auth_approle_f341e77c",\n    "local": false,\n    "seal_wrap": false,\n    "request_id": "16755bed-2c14-f0ae-8dd4-5e4d16b530ae",\n    "lease_id": "",\n    "renewable": false,\n    "lease_duration": 0,\n    "data": {\n        "accessor": "auth_approle_f341e77c",\n        "config": {\n            "default_lease_ttl": 0,\n            "force_no_cache": false,\n            "max_lease_ttl": 0,\n            "token_type": "default-service"\n            },\n        "deprecation_status": "supported",\n        "description": "",\n        "external_entropy_access": false,\n        "local": false,\n        "options": {},\n        "plugin_version": "",\n        "running_plugin_version": "v1.12.1+builtin.vault",\n        "running_sha256": "",\n        "seal_wrap": false,\n        "type": "approle",\n        "uuid": "f8c3835f-f6d0-cfab-34a0-6337aa3267a5"\n    },\n    "wrap_info": null,\n    "warnings": null,\n    "auth": null\n}\n<\/pre><\/div>\n\n\n
At this moment the vault is configured and the AppRole authentification method is activated.<\/p>\n\n\n\n
Configure the vault for user API usage <\/h2>\n\n\n\n
Create a policy <\/h4>\n\n\n\n
Create the policy oci_policy<\/code> with the rights  read\/update\/create<\/code> on the vault secret path.<\/p>\n\n\n
\nvault@blog-vault:~$ curl -s \\\n--header "X-Vault-Token: $VAULT_ROOT_TOKEN" \\\n--request PUT \\\n--data '{"policy":"\\npath \\"secret\/data\/\\" {\\n capabilities = [\\"create\\", \\"update\\", \\"read\\" ]\\n}\\n\\npath \\"secret\/data\/oci\/\\" {\\n capabilities = [\\"create\\", \\"update\\", \\"read\\" ]\\n}\\n"}' \\\nhttp:\/\/127.0.0.1:8200\/v1\/sys\/policies\/acl\/oci_policy\n<\/pre><\/div>\n\n\n
Get the create policy information<\/h4>\n\n\n
\nvault@blog-vault:~$ curl -s \\\n--header "X-Vault-Token: $VAULT_ROOT_TOKEN" \\\n--request GET \\\nhttp:\/\/127.0.0.1:8200\/v1\/sys\/policies\/acl\/oci_policy | jq .\n{\n  "request_id": "5ecd0b6d-1034-908d-3146-322ee531a6ea",\n  "lease_id": "",\n  "renewable": false,\n  "lease_duration": 0,\n  "data": {\n    "name": "oci_policy",\n    "policy": "\\npath \\"secret\/data\/\\" {\\n capabilities = [\\"create\\", \\"update\\", \\"read\\" ]\\n}\\n\\npath \\"secret\/data\/oci\/\\" {\\n capabilities = [\\"read\\"]\\n}\\n"\n  },\n  "wrap_info": null,\n  "warnings": null,\n"auth": null\n}\n<\/pre><\/div>\n\n\n
Enable KV v2 secrets engine at secret<\/h4>\n\n\n\n
The KV secret engine is used to store arbitrary secrets. <\/p>\n\n\n\n
We use the version 2, as this is the last one at this moment<\/p>\n\n\n
\nvault@blog-vault:~$ curl -s \\\n--header "X-Vault-Token: $VAULT_ROOT_TOKEN" \\\n--request POST \\\n--data '{ "type":"kv-v2" }' \\\nhttp:\/\/127.0.0.1:8200\/v1\/sys\/mounts\/secret\n<\/pre><\/div>\n\n\n
Associate the created policy with a role (oci_role<\/code>)<\/h4>\n\n\n
\nvault@blog-vault:~$ curl -s \\\n--header "X-Vault-Token: $VAULT_ROOT_TOKEN" \\\n--request POST \\\n--data '{"policies": ["oci_policy"]}' \\\nhttp:\/\/127.0.0.1:8200\/v1\/auth\/approle\/role\/oci_role\n<\/pre><\/div>\n\n\n
Get oci_role<\/code> id<\/h4>\n\n\n
\nvault@blog-vault:~$ curl -s \\\n--header "X-Vault-Token: $VAULT_ROOT_TOKEN" \\\nhttp:\/\/127.0.0.1:8200\/v1\/auth\/approle\/role\/oci_role\/role-id | jq -r ".data"\n{\n"role_id": "68c22d2b-adf0-2f88-ec07-d7c495c51e30"\n}\n\n#\u00a0save this value\n\nvault@blog-vault:~$ export VAULT_ROLE_ID="68c22d2b-adf0-2f88-ec07-d7c495c51e30"\n<\/pre><\/div>\n\n\n
Creates a new SecretID using the oci_role<\/code><\/h4>\n\n\n
\nvault@blog-vault:~$ curl -s \\\n--header "X-Vault-Token: $VAULT_ROOT_TOKEN" \\\n--request POST \\\nhttp:\/\/127.0.0.1:8200\/v1\/auth\/approle\/role\/oci_role\/secret-id | jq -r ".data"\n{\n  "secret_id": "d7602ddb-a2db-8e1d-47e3-4ee57e0a9140",\n  "secret_id_accessor": "dd56e8ea-8207-88c8-6c1d-9ff6b1e2ab54",\n  "secret_id_num_uses": 0,\n  "secret_id_ttl": 0\n}\n\n# save the secret_id value\nvault@blog-vault:~$ export VAULT_SECRET_ID="d7602ddb-a2db-8e1d-47e3-4ee57e0a9140"\n<\/pre><\/div>\n\n\n
Call the login endpoint to fetch a new Vault token.<\/h4>\n\n\n
\nvault@blog-vault:~$ curl -s --request POST --data '{"role_id": "'"$VAULT_ROLE_ID"'", "secret_id":"'"$VAULT_SECRET_ID"'"}' http:\/\/127.0.0.1:8200\/v1\/auth\/approle\/login | jq -r ".auth"\n{\n  "client_token": "hvs.CAESIDvS7Q9FG9tt_PWCFls0ya-vZzR9RwwmC4vT63fqZe0_Gh4KHGh2cy5RM0ZDeUpNM2VwbU51Qm9RVXo1ZGk4ZVQ",\n  "accessor": "2wXPJf3Irw245R6jXaNmR60a",\n  "policies": [\n    "default",\n    "oci_policy"\n  ],\n  "token_policies": [\n    "default",\n    "oci_policy"\n  ],\n  "metadata": {\n    "role_name": "oci_role"\n  },\n  "lease_duration": 604800,\n  "renewable": true,\n  "entity_id": "dfb3bb81-6d8a-0fbb-1f7f-ce4c29e98019",\n  "token_type": "service",\n  "orphan": true,\n  "mfa_requirement": null,\n  "num_uses": 0\n}\n\n# save the client token id \n\nvault@blog-vault:~$ export VAULT_CLIENT_TOKEN="vs.CAESIDvS7Q9FG9tt_PWCFls0ya-vZzR9RwwmC4vT63fqZe0_Gh4KHGh2cy5RM0ZDeUpNM2VwbU51Qm9RVXo1ZGk4ZVQ"\n<\/pre><\/div>\n\n\n
Create a version 1 of a secret with a password <\/h4>\n\n\n\n
Create the the key named password<\/code> and the valus  my_long_password<\/code> <\/p>\n\n\n
\nvault@blog-vault:~$ curl -s \\\n--header "X-Vault-Token: $VAULT_CLIENT_TOKEN" \\\n--request POST \\\n--data '{ "data": {"password": "my-long-password"} }' \\\nhttp:\/\/127.0.0.1:8200\/v1\/secret\/data\/oci | jq -r ".data"\n\n{\n  "created_time": "2023-01-19T14:02:27.075843452Z",\n  "custom_metadata": null,\n  "deletion_time": "",\n  "destroyed": false,\n  "version": 1\n}\n<\/pre><\/div>\n\n\n
Get the password<\/h4>\n\n\n
\nvault@blog-vault:~$ curl -s \\\n--header "X-Vault-Token: $VAULT_CLIENT_TOKEN" \\\n--request GET \\\nhttp:\/\/127.0.0.1:8200\/v1\/secret\/data\/oci | jq -r ".data.data"\n\n{\n  "password": "my-long-password"\n}\n<\/pre><\/div>\n\n\n
At this moment we are able to get a stored pair key:value <\/code> using the fetched $VAULT_CLIENT_TOKEN<\/code><\/p>\n\n\n\n
Restart everything<\/h2>\n\n\n\n
Restart the vault container to validate the retention of the vault.<\/p>\n\n\n\n
Pay attention to shutdown traces: when the shutdown is triggered the vault is sealed<\/p>\n\n\n
\nvault@blog-vault:~$ ==> Vault shutdown triggered\n2023-01-19T14:05:42.570Z [INFO] core: marked as sealed\n2023-01-19T14:05:42.570Z [INFO] core: pre-seal teardown starting\n2023-01-19T14:05:42.570Z [INFO] rollback: stopping rollback manager\n2023-01-19T14:05:42.570Z [INFO] core: pre-seal teardown complete\n2023-01-19T14:05:42.570Z [INFO] core: stopping cluster listeners\n2023-01-19T14:05:42.570Z [INFO] core.cluster-listener: forwarding rpc listeners stopped\n2023-01-19T14:05:42.609Z [INFO] core.cluster-listener: rpc listeners successfully shut down\n2023-01-19T14:05:42.609Z [INFO] core: cluster listeners successfully shut down\n2023-01-19T14:05:42.610Z [INFO] core: vault is sealed\n<\/pre><\/div>\n\n\n
Restart the podman<\/code> container<\/h4>\n\n\n
\nvault@blog-vault:~$ podman run --cap-add=IPC_LOCK -v $HOME\/vault\/logs:\/vault\/logs -v $HOME\/vault\/config:\/vault\/config -v $HOME\/vault\/file:\/vault\/file -e 'SKIP_CHOWN=true' -e 'SKIP_SETCAP=true' -p 8200:8200 vault server\n==> Vault server configuration:\n     \n            Cgo: disabled\n          Go Version: go1.19.2\n          Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")\n           Log Level: info\n               Mlock: supported: true, enabled: true\n       Recovery Mode: false\n             Storage: file\n             Version: Vault v1.12.1, built 2022-10-27T12:32:05Z\n         Version Sha: e34f8a14fb7a88af4640b09f3ddbb5646b946d9c\n==> Vault server started! Log data will stream in below:\n\n2023-01-19T14:06:04.376Z [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""\n2023-01-19T14:06:04.377Z [WARN] no api_addr value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set\n2023-01-19T14:06:04.398Z [INFO] core: Initializing version history cache for core\n<\/pre><\/div>\n\n\n
Let’s save some variables<\/h4>\n\n\n\n
For the values of these variable see the initial configuration of the vault<\/p>\n\n\n
\nvault@blog-vault:~$ export VAULT_ROLE_ID="68c22d2b-adf0-2f88-ec07-d7c495c51e30"\nvault@blog-vault:~$ export VAULT_SECRET_ID="d7602ddb-a2db-8e1d-47e3-4ee57e0a9140"\nvault@blog-vault:~$ export VAULT_UNSEAL_TOKEN="zIZkUQLzLBAN21I53SMUV+SUTVUTnMY9nm63OyMkT1k="\n<\/pre><\/div>\n\n\n
Check the vault status<\/h4>\n\n\n
\nvault@blog-vault:~$ curl -s http:\/\/127.0.0.1:8200\/v1\/sys\/init | jq .\n{\n  "initialized": true\n}\n<\/pre><\/div>\n\n\n
Unseal the vault<\/h4>\n\n\n
\nvault@blog-vault:~$ curl -s --request POST --data '{"key": "'"$VAULT_UNSEAL_TOKEN"'"}' http:\/\/127.0.0.1:8200\/v1\/sys\/unseal | jq .\n{\n  "type": "shamir",\n  "initialized": true,\n  "sealed": false,\n  "t": 1,\n  "n": 1,\n  "progress": 0,\n  "nonce": "",\n  "version": "1.12.1",\n  "build_date": "2022-10-27T12:32:05Z",\n  "migration": false,\n  "cluster_name": "vault-cluster-3e0948ec",\n  "cluster_id": "1eb1ee65-f32c-7cf3-a5ec-7975e1f9240a",\n  "recovery_seal": false,\n  "storage_type": "file"\n}\n<\/pre><\/div>\n\n\n
Get the client token<\/h4>\n\n\n
\nvault@blog-vault:~$ export VAULT_CLIENT_TOKEN=$(curl -s --request POST --data '{"role_id": "'"$VAULT_ROLE_ID"'", "secret_id":"'"$VAULT_SECRET_ID"'"}' http:\/\/127.0.0.1:8200\/v1\/auth\/approle\/login | jq -r ".auth.client_token")\n<\/pre><\/div>\n\n\n
Finally fetch the password<\/h4>\n\n\n
\nvault@blog-vault:~$ export MY_PASSWORD=$(curl -s --header "X-Vault-Token: $VAULT_CLIENT_TOKEN" --request GET http:\/\/127.0.0.1:8200\/v1\/secret\/data\/oci | jq -r ".data.data.password")\n\nvault@blog-vault:~$ echo $MY_PASSWORD\nmy-long-password\n<\/pre><\/div>\n\n\n
Get some help<\/h3>\n\n\n\n
All API endpoints can receive the ?help=1<\/code> parameter to output the end-point help.<\/p>\n\n\n
\nvault@blog-vault:~$ curl -s --header "X-Vault-Token:$VAUL_ROOT_TOKEN" http:\/\/127.0.0.1:8200\/v1\/secret?help=1 | jq .\n{\n"help": "Request: config\\nMatching Route: ^config$\\n\\nConfigures settings for the KV store\\n\\n## PARAMETERS\\n\\n cas_required (bool)\\n\\n If true, the backend will require the cas parameter to be set for each write\\n\\n delete_version_after (duration (sec))\\n\\n \n\u2026.\n<\/pre><\/div>\n\n\n
Conclusion<\/h2>\n\n\n\n
Installing and using the Vault is quick and easy. Dealing with the problem of storing and using passwords later in a project is much more complicated and difficult to implement.<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/p>\n\n\n\n
Happy scripting<\/h2>\n","protected":false},"excerpt":{"rendered":"
by Alexandre Nestor Introduction Keeping and using passwords in scripts is often an overlooked task, at least in the initial stages of development.This behavior poses serious security problems, and quite often, especially in scripts, one can find plaintext passwords.If the project uses Git, then the versions of git that contain the passwords are visible in […]<\/p>\n","protected":false},"author":27,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[955,368,1320,1504,42],"tags":[135,601,2814,89,1646],"type_dbi":[],"class_list":["post-21650","post","type-post","status-publish","format-standard","hentry","category-cloud","category-development-performance","category-devops","category-docker","category-operating-systems","tag-cloud","tag-docker","tag-hashicorpvault","tag-kubernetes","tag-podman"],"acf":[],"yoast_head":"\nHashicorp Vault. Install and quick first configuration - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/hashicorp-vault-install-and-quick-first-configuration\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hashicorp Vault. Install and quick first configuration\" \/>\n<meta property=\"og:description\" content=\"by Alexandre Nestor Introduction Keeping and using passwords in scripts is often an overlooked task, at least in the initial stages of development.This behavior poses serious security problems, and quite often, especially in scripts, one can find plaintext passwords.If the project uses Git, then the versions of git that contain the passwords are visible in […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/hashicorp-vault-install-and-quick-first-configuration\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-19T16:12:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-24T09:42:51+00:00\" \/>\n<meta name=\"author\" content=\"Oracle Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Oracle Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/hashicorp-vault-install-and-quick-first-configuration\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/hashicorp-vault-install-and-quick-first-configuration\\\/\"},\"author\":{\"name\":\"Oracle Team\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/66ab87129f2d357f09971bc7936a77ee\"},\"headline\":\"Hashicorp Vault. Install and quick first configuration\",\"datePublished\":\"2023-01-19T16:12:12+00:00\",\"dateModified\":\"2025-01-24T09:42:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/hashicorp-vault-install-and-quick-first-configuration\\\/\"},\"wordCount\":461,\"commentCount\":0,\"keywords\":[\"Cloud\",\"Docker\",\"HashicorpVault\",\"kubernetes\",\"podman\"],\"articleSection\":[\"Cloud\",\"Development & Performance\",\"DevOps\",\"Docker\",\"Operating systems\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/hashicorp-vault-install-and-quick-first-configuration\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/hashicorp-vault-install-and-quick-first-configuration\\\/\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/hashicorp-vault-install-and-quick-first-configuration\\\/\",\"name\":\"Hashicorp Vault. Install and quick first configuration - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\"},\"datePublished\":\"2023-01-19T16:12:12+00:00\",\"dateModified\":\"2025-01-24T09:42:51+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/66ab87129f2d357f09971bc7936a77ee\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/hashicorp-vault-install-and-quick-first-configuration\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/hashicorp-vault-install-and-quick-first-configuration\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/hashicorp-vault-install-and-quick-first-configuration\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Hashicorp Vault. Install and quick first configuration\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/66ab87129f2d357f09971bc7936a77ee\",\"name\":\"Oracle Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g\",\"caption\":\"Oracle Team\"},\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/author\\\/oracle-team\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Hashicorp Vault. Install and quick first configuration - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/hashicorp-vault-install-and-quick-first-configuration\/","og_locale":"en_US","og_type":"article","og_title":"Hashicorp Vault. Install and quick first configuration","og_description":"by Alexandre Nestor Introduction Keeping and using passwords in scripts is often an overlooked task, at least in the initial stages of development.This behavior poses serious security problems, and quite often, especially in scripts, one can find plaintext passwords.If the project uses Git, then the versions of git that contain the passwords are visible in […]","og_url":"https:\/\/www.dbi-services.com\/blog\/hashicorp-vault-install-and-quick-first-configuration\/","og_site_name":"dbi Blog","article_published_time":"2023-01-19T16:12:12+00:00","article_modified_time":"2025-01-24T09:42:51+00:00","author":"Oracle Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Oracle Team","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/hashicorp-vault-install-and-quick-first-configuration\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/hashicorp-vault-install-and-quick-first-configuration\/"},"author":{"name":"Oracle Team","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee"},"headline":"Hashicorp Vault. Install and quick first configuration","datePublished":"2023-01-19T16:12:12+00:00","dateModified":"2025-01-24T09:42:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/hashicorp-vault-install-and-quick-first-configuration\/"},"wordCount":461,"commentCount":0,"keywords":["Cloud","Docker","HashicorpVault","kubernetes","podman"],"articleSection":["Cloud","Development & Performance","DevOps","Docker","Operating systems"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/hashicorp-vault-install-and-quick-first-configuration\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/hashicorp-vault-install-and-quick-first-configuration\/","url":"https:\/\/www.dbi-services.com\/blog\/hashicorp-vault-install-and-quick-first-configuration\/","name":"Hashicorp Vault. Install and quick first configuration - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"datePublished":"2023-01-19T16:12:12+00:00","dateModified":"2025-01-24T09:42:51+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/hashicorp-vault-install-and-quick-first-configuration\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/hashicorp-vault-install-and-quick-first-configuration\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/hashicorp-vault-install-and-quick-first-configuration\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Hashicorp Vault. Install and quick first configuration"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/66ab87129f2d357f09971bc7936a77ee","name":"Oracle Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f711f7cd2c9b09bf2627133755b569fb5be0694810cfd33033bdd095fedba86d?s=96&d=mm&r=g","caption":"Oracle Team"},"url":"https:\/\/www.dbi-services.com\/blog\/author\/oracle-team\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/21650","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=21650"}],"version-history":[{"count":20,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/21650\/revisions"}],"predecessor-version":[{"id":36876,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/21650\/revisions\/36876"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=21650"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=21650"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=21650"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=21650"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}