手把手-安装-vault

操作系统

Centos 7.6 , Ubuntu-19.10

硬件配置(推荐)

 CPU / 内存 : 2核 / 4GB

安装版本

vault 1.3.2

https://releases.hashicorp.com/vault/1.3.2/vault_1.3.2_linux_amd64.zip

开始安装

首先下载安装包

wget https://releases.hashicorp.com/vault/1.3.2/vault_1.3.2_linux_amd64.zip

解压安装包

unzip vault_1.3.2_linux_amd64.zip

移动文件vault到/usr/bin目录

mv vault /usr/bin

配置服务

创建service文件

vi /lib/systemd/system/vault.service

[Unit]
Description=vault
Requires=network-online.target
After=network-online.target
[Service]
Restart=on-failure
ExecStart=/usr/bin/vault server -config=/etc/vault/vault.json
ExecStop=/usr/bin/vault step-down
[Install]
WantedBy=multi-user.target

 创建vault启动配置文件

vi /etc/vault/vault.hcl

disable_mlock = true
ui = true
backend "file" {
    path = "/var/lib/vault/file"
}
listener "tcp" {
     address = "0.0.0.0:8200"
     tls_disable = 1
}
api_addr = "http://0.0.0.0:8200"

启动服务

systemctl start vault

设置开机启动

systemctl enable vault

 配置环境变量

vi /etc/profile

export VAULT_ADDR=http://127.0.0.1:8200

初始化vault

vault operator init -key-shares=5 -key-threshold=3 
# -key-shares：指定密钥的总股数， 
# -key-threshold：指定需要几股可解锁 
# 以上参数为默认，可不设置

解封vault,数据初始化的时候获取的5个密钥中的3个对Vault进行解封操作

vault operator unseal