Installing Vault on an AWS EC2 Instance

HashiCorp Vault allows organizations to securely store secrets such as API encryption keys, passwords, and certificates. Vault validates and authorizes clients (users, machines, apps) before providing them access to secrets or stored sensitive data.

HashiCorp Vault provides a single source of secrets for humans, machines, and applications. Using Vault’s UI, CLI, or HTTP API, secrets and other sensitive data can be securely stored and managed, with access tightly controlled (restricted) and auditable.

Solution Overview

We will manually download and install the Vault binary on an AWS instance running the Amazon Linux 2 AMI, then start using Vault. This is just a basic intro to starting up Vault in the cloud.

Prerequisite

We need a running AWS EC2 instance (Amazon Linux 2 AMI) in our account in order to complete this demo.

Step 1: Grab the Vault binary URL

We can visit the main vaultproject.io website to get the latest binary URL, or simply visit releases.hashicorp.com from the browser to get it.

The copied link address for the latest Linux Vault binary download is:

https://releases.hashicorp.com/vault/1.12.2/vault_1.12.2_linux_amd64.zip

Keep this handy, as we need it when we download the binary onto the EC2 instance.

Step 2: Connect to the EC2 instance

Open an SSH session to the Amazon Linux machine running in your account. If we run the vault command at this point, the shell does not know how to interpret it, since we have not downloaded the binary yet.

  • Pull down the vault binary we looked at in Step 1 using the command below:
curl --silent -Lo /tmp/vault.zip https://releases.hashicorp.com/vault/1.12.2/vault_1.12.2_linux_amd64.zip
  • Change directory to the /tmp folder, then unzip the file to get the binary using the commands below:
cd /tmp

#Inflate the binary
unzip vault.zip
  • Move the binary to the /usr/local/bin path of this machine using the command below:
sudo mv vault /usr/local/bin
  • Confirm the vault command runs anywhere by moving to a different folder (i.e. /home/ec2-user).
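
Step 2 moves the downloaded zip into /usr/local/bin without checking its integrity. The sketch below is an added example, not part of the original post: it checks the archive against the SHA256SUMS file from the same release directory before unzipping. The SHA256SUMS file name pattern and the function names verify_release_zip and fetch_and_install are assumptions of this example.

```bash
# Added example (not from the original post): verify a downloaded Vault zip
# against the release's SHA256SUMS file before unzipping or installing it.

# verify_release_zip ZIP SUMS NAME
#   ZIP  - path to the downloaded archive (e.g. /tmp/vault.zip)
#   SUMS - path to the SHA256SUMS file for the same release
#   NAME - file name as listed in SUMS (e.g. vault_1.12.2_linux_amd64.zip)
# Returns 0 on match, 1 on mismatch, 2 on unreadable input, 3 if NAME is unlisted.
verify_release_zip() {
  _zip="$1"; _sums="$2"; _name="$3"
  if [ ! -r "$_zip" ] || [ ! -r "$_sums" ]; then
    echo "missing input file" >&2
    return 2
  fi
  # SHA256SUMS lines look like: "<64 hex chars>  <file name>"
  _expected=$(awk -v n="$_name" '$2 == n { print $1; exit }' "$_sums")
  if [ -z "$_expected" ]; then
    echo "$_name is not listed in $_sums" >&2
    return 3
  fi
  _actual=$(sha256sum "$_zip" | awk '{ print $1 }')
  if [ "$_actual" != "$_expected" ]; then
    echo "checksum mismatch for $_name" >&2
    return 1
  fi
  echo "checksum OK for $_name"
}

# fetch_and_install VERSION: the post's Step 2 with the check inserted.
# Defined but not called here, so loading this file has no side effects.
# Assumption: the checksum file is published as vault_<VERSION>_SHA256SUMS
# next to the zip in the release directory.
fetch_and_install() {
  _v="$1"
  _base="https://releases.hashicorp.com/vault/$_v"
  _file="vault_${_v}_linux_amd64.zip"
  curl --silent --fail -Lo /tmp/vault.zip "$_base/$_file" &&
    curl --silent --fail -Lo /tmp/vault_SHA256SUMS "$_base/vault_${_v}_SHA256SUMS" &&
    verify_release_zip /tmp/vault.zip /tmp/vault_SHA256SUMS "$_file" &&
    unzip -o /tmp/vault.zip -d /tmp &&
    sudo mv /tmp/vault /usr/local/bin/
}
```

A matching checksum only shows that the zip agrees with the SHA256SUMS file fetched from the same server; checking that file's detached signature against HashiCorp's published GPG key is the stronger check.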

Step 3: Start the Vault dev server

Since Vault is installed on the instance, we can start the Vault server and run any commands inside the Linux machine:

Start the server by running the vault server -dev command.

Summary

That's how you would install the Vault binary on a Linux machine and start issuing Vault commands. We will look at using Vault's functions and features in a later post.