Is it possible to host/deploy HashiCorp Vault on MS Azure App Services so that I can create, read, update and delete Vault secrets from my apps deployed on Azure App Services?

I can't find any documentation. I only know that I can host it on a Windows virtual machine on-prem.

2 Answers

I think a better option would be to run Vault in an Azure Container Instance. You can find the official Vault container here: https://github.com/hashicorp/docker-vault

The App Service platform execution environment differs from a local execution environment mainly due to multi-tenancy — because a single physical machine in the data center can be concurrently executing apps and services belonging to a large number of differing customers, resources are more constrained than in the case of an app running on a single machine. The sandbox mechanism mitigates the risk of service disruption due to resource contention and depletion in two ways: it (1) ensures that each app receives a minimum guarantee of resources and quality-of-service, and conversely (2) enforces limits so that an app can not disrupt other concurrently-executing apps on the same machine.

More Details on Azure App Service Sandbox: https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox

Ken W - Zero Networks

That seems doable. I could think of a few options (#1 is specifically for App Services, as you have asked).

  1. HashiCorp Vault -> Docker -> App Service: I'm assuming you are familiar with Docker, which is required for this step. You can create a container locally and deploy it on App Service.
     • To do this, create a Dockerfile and, as a part of the build, use brew to download Vault.
     • You will need to create your Dockerfile in multiple steps to have Node and brew installed first.
     • Once that's done, the next step in the build process is to get HashiCorp Vault via brew: https://www.vaultproject.io/downloads
     • Alternatively, you could download the packages on your machine using brew, and then package your container.
     • You can run your container locally, make any configuration changes you prefer, and create the image once you are ready.
     • Once you have your image in your preferred repository, you could follow the Microsoft guide to deploy: https://learn.microsoft.com/en-us/learn/modules/deploy-run-container-app-service/
  2. HashiCorp integration with Azure: It can be integrated with Azure (https://www.hashicorp.com/integrations/microsoft) and is ready to be used at scale.
sandiejat