
HashiCorp Vault

Use cases for Vault: how do we mitigate the cases below?

  • Plain-text passwords stored in notepads
  • AWS access/secret keys stored in notepads
  • Tokens stored in notepads

We need a system with the following functionality:

  • Manage secrets and protect sensitive data
  • Identity-based access management
  • Generate dynamic secrets (DB creds, AWS creds and others)
  • Open Source

Use Case - Dynamic Secrets


  • Users request credentials
  • Vault shares the dynamic secrets, each with a lifespan
  • When users make a request after the expiry, Vault generates a new secret

Preparation materials
https://developer.hashicorp.com/vault/tutorials/associate-cert-003

Exam Pattern & Cost

Overview of HashiCorp Vault

  • HashiCorp Vault allows an organization to securely store secrets such as tokens, passwords and certificates, together with access management to protect those secrets.
  • Secrets can include database passwords, AWS access/secret keys, API tokens and encryption keys.
  • Once Vault is integrated with multiple backends, most access management can be handled by Vault.

Installing Vault on Windows Servers:

  • Vault installation is very easy
  • Vault ships as a binary file; we only need to download it and use it

Supported platforms

  • Windows
  • macOS
  • Linux
  • FreeBSD
  • NetBSD
  • OpenBSD
  • Solaris

Software download path

Overview of Vault dev mode

  • The dev server mode in Vault is useful for local development and testing
  • Not very secure
  • Everything is stored in memory (data is lost on every restart)
  • Start the dev server by running the command vault server -dev


Copy the URL, http://127.0.0.1:8200, which is highlighted,
and also copy the token, which is required for login.


Go to the command prompt and press Ctrl+X; this stops the dev server, so the dev URL no longer responds. Then run the command:

vault status

Error checking seal status: Get "http://127.0.0.1:8200/v1/sys/seal-status": dial tcp 127.0.0.1:8200: connectex: No connection could be made because the target machine actively refused it.

Run the command vault server -dev again; it displays the URL along with a new token in the command prompt.
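The error above is the CLI failing a plain HTTP GET to /v1/sys/seal-status, so the same check can be scripted before pasting a token anywhere. The following is an added example, not code from the original post; the function name seal_status and its state labels are assumptions of this example.

```python
import http.client
import json
import urllib.request


def seal_status(addr="http://127.0.0.1:8200", timeout=2.0):
    """Classify a Vault server as unreachable, uninitialized, sealed or unsealed.

    Reads the unauthenticated endpoint that `vault status` calls.
    Returns (state, detail); the state labels are this example's own.
    """
    url = addr.rstrip("/") + "/v1/sys/seal-status"
    # Ignore proxy environment variables: the dev server is local.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = json.load(resp)
    except (OSError, http.client.HTTPException) as exc:
        # Connection refused lands here: the case `vault status` reports
        # after the dev server has been stopped.
        return "unreachable", str(exc)
    except ValueError as exc:
        # Something answered on the port, but not with JSON.
        return "unreachable", f"not a Vault response: {exc}"
    if not isinstance(body, dict) or "sealed" not in body:
        return "unreachable", "JSON without a 'sealed' field"
    if not body.get("initialized", False):
        return "uninitialized", body
    if body["sealed"]:
        return "sealed", body
    return "unsealed", body


if __name__ == "__main__":
    state, detail = seal_status()
    print(state, detail)
    if state == "unsealed":
        # A dev server starts initialized and unsealed, so this is the
        # expected state while `vault server -dev` is running.
        print("server is up; use the token printed at startup to log in")
```

Because the dev server keeps everything in memory, an "unsealed" result after a restart refers to a fresh, empty server with a new token, not the previous one.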

Conclusion: We discussed the basics of HashiCorp Vault and the software required to run it.