Questions about Hashicorp's Vault tool for managing secrets
Questions tagged [vault]
42 questions
13
votes
2 answers
HAproxy health check for https backend
I have an haproxy configuration that works perfectly for a vault server in the backend with http configuration, and it load balances based on the unsealed and active vault server using the 200 OK code. This works for http. But we make everything to be https (tls)…

Jayabalan Bala
9
votes
2 answers
Net bind capability with systemd
I am deploying Goldfish, an interface for Vault, in production on a server dedicated to secrets management. So security is of prime concern here.
I am trying to deploy the service with systemd on an Ubuntu 16.04 system, giving it the least possible…

Macfli
3
votes
1 answer
Hashicorp Vault - Policy restricting one specific sub node in a path
I have a Hashicorp Vault server configured and everything is running great, except for my "deny" policies.
I have a 2 level grouping for the majority of secrets, so they follow the structure of:
secret/client/environment/*
Not all secrets follow…

PhilHalf
3
votes
3 answers
Securing SSL certificate private key with nginx
I've been researching how to secure private keys for SSL certificates using nginx as a webserver, but have not been able to find many satisfactory answers.
Specifically, for a client who wants me to deploy a website under their own sub-domain,…

Buno
2
votes
1 answer
Vault - generate secret without revealing it?
With Hashicorp's Vault, is it possible to generate a secret without revealing that secret to the user who generated it?
Along the lines of:
vault generate secret/my/awesome/secret 32
Where it would generate a string of 32 random characters, will…

Jeff Welling
2
votes
0 answers
Can consul-template fetch Vault servers from consul?
I would like to integrate HashiCorp vault into our current setup of consul + consul-template and was a bit surprised to find no option for consul-template to fetch the vault servers from consul's service discovery.
This is the configuration doc…

Michuelnik
2
votes
1 answer
Windows Hashicorp Vault client - any way to use TLS certs using secure OS features?
Right now, if I want to use a TLS certificate to authenticate to Vault, I need to have a file with the certificate, and a file with the private key, on my client's filesystem.
On Windows, I'm able to use the OS to store certificates and private keys…

mfinni
2
votes
2 answers
How to run Hashicorp Vault as a service on CentOS in production
I'm running the latest CentOS and I need Hashicorp Vault 1.6.3 to run as a service. I'm currently using the kv/secret background, so I can use
vault kv put secret/test/hello foo=bar
In order to store secrets. When running vault as a server, it…

farslayer9
2
votes
0 answers
Vault invalid certificate or no client certificate supplied - cert auth method
I have created a CA in Vault to handle my certificate creation. I've followed this guide here: https://learn.hashicorp.com/vault/secrets-management/sm-pki-engine
I am trying to generate a client certificate using the pki secrets engine in Vault and…

Charles Wood
1
vote
1 answer
Use Vault to manage Kubernetes secrets
We are using Kubernetes on Google Kubernetes Engine - we currently have secrets added manually with the kubectl secret CLI.
To make the secrets management more secure and easier across the team, we installed a Hashicorp Vault instance on a separate…

maxime
1
vote
0 answers
HashiCorp Vault User Audit Capability
We're seeking a solution to enable us to audit our HashiCorp Vault instance to obtain a namespace breakdown of:
For each Vault user, the roles or groups that their entity belongs to.
Having reviewed the Vault API explorer commands, it appears this is…

hitman126
1
vote
1 answer
Login to HashiCorp Vault with Kubernetes Auth from Pod with Vault CLI
TL;DR: What is the proper way to log in from the Vault CLI in a Kubernetes Pod using the Kubernetes Auth Method?
I want to create regular snapshots from my HashiCorp Vault raft storage. So I created a Kubernetes CronJob running the same image as my Vault…

Max N.
1
vote
3 answers
Vault configuration supports environment variables?
Most configs support inline variables from the environment. Does Vault configuration support environment variables? Something like:
ui = true
listener "tcp" {
tls_disable = 1
address = "[::]:8200"
…

devent
1
vote
1 answer
hashicorp vault - load pre-existing CA certificate into PKI engine
I'm looking to migrate a process that generates client certificates from a custom root CA into hashicorp vault.
The root is already trusted by a lot of applications, so I'd like to import it (or an intermediate) into vault and emit the client…

André Fernandes
1
vote
0 answers
Injected vault-agent pod failing to start, api server & vault aren't communicating
I have a local kubernetes cluster using kind. It is a single node cluster.
On this cluster I am following this guide to set up Vault & the vault-agent-injector.
If I follow the tutorial step by step the end result is that the orgchart pod will fail…

max_sargent