Highest Voted 'vault' Questions - Server Fault Stack Exchange

11

votes

2 answers

HAproxy health check for https backend

I have haproxy configuration that works perfect for vault server in the backend with http configuration and it load balance based on unsealed and active vault server using 200 OK code. This works for http. But we make everything to be https (tls)…

asked Aug 01 '18 at 16:09

Jayabalan Bala

281
1
2
8

8

votes

2 answers

Net bind capability with systemd

I am deploying Goldfish, an interface for Vault, in production on a server dedicated to secrets management. So security is of prime concern here. I am trying to deploy the service with systemd on an Unbuntu 16.04 system, giving it the least possible…

networking security systemd vault

asked Jun 15 '18 at 09:28

Macfli

81
1
1
4

3

votes

1 answer

Hashicorp Vault - Policy restricting one specific sub node in a path

I have a Hashicorp Vault server configured and everything is running great, except for my "deny" policies. I have a 2 level grouping for the majority of secrets, so they follow the structure of: secret/client/environment/* Not all secrets follow…

deny vault

asked Aug 08 '19 at 08:52

PhilHalf

71
1
6

3

votes

3 answers

Securing SSL certificate private key with nginx

I've been researching how to secure privaye keys for SSL certificats using nginx as a webserver, but have not been able to find many satisfactory answers. Specifically, for a client who wants to me to deploy a website under their own sub-domain,…

nginx ssl private-key vault

asked Apr 19 '20 at 16:39

Buno

155
2
8

2

votes

1 answer

Vault - generate secret without revealing it?

With Hashicorp's Vault, is it possbile to generate a secret without revealing that secret to the user who generated it? Along the lines of: vault generate secret/my/awesome/secret 32 Where it would generate a string of 32 random characters, will…

vault

asked Sep 18 '18 at 00:54

Jeff Welling

402
1
4
11

2

votes

0 answers

Can consul-template fetch Vault servers from consul?

I would like to integrate HashiCorp vault into our current setup of consul + consul-template and was a bit surprised to find no option for consul-template to fetch the vault servers from consul's service discovery. This is the configuration doc…

consul vault

asked Jun 08 '18 at 11:59

Michuelnik

3,260
3
18
24

2

votes

1 answer

Windows Hashicorp Vault client - any way to use TLS certs using secure OS features?

Right now, if I want to use a TLS certificate to authenticate to Vault, I need to have a file with the certificate, and a file with the private key, on my client's filesystem. On Windows, I'm able to use the OS to store certificates and private keys…

windows ssl-certificate vault

asked Aug 08 '22 at 19:34

mfinni

35,711
3
50
86

2

votes

1 answer

How to run Hashicorp Vault as a service on CentOS in production

I'm running the latest CentOS and I need Hashicorp Vault 1.6.3 to run as a service. I'm currently using the kv/secret background, so I can use Vault kv put secret/test/hello foo=bar In order to store secrets. When running vault as a server, it…

vault

asked Feb 26 '21 at 18:01

farslayer9

21
2

1

vote

1 answer

Use Vault to manage Kubernetes secrets

We are using Kubernetes on Google Kubernetes Engine - we currently have secrets added manually with the kubectl secret CLI. To make the secrets management more secure and easier across the team, we installed a Hashicorp Vault instance on a separate…

kubernetes google-kubernetes-engine vault

asked Mar 14 '19 at 09:03

maxime

140
1
6

1

vote

3 answers

Vault configuration supports environment variables?

Most configs support inline variables from the environment. Does support Vault configuration supports environment variables? Something like: ui = true listener "tcp" { tls_disable = 1 address = "[::]:8200" …

vault

asked Jan 22 '22 at 16:47

devent

13
2

1

vote

1 answer

hashicorp vault - load pre-existing CA certificate into PKI engine

I'm looking to migrate a process that generates client certificates from a custom root CA into hashicorp vault. The root is already trusted by a lot of applications, so I'd like to import it (or an intermediate) into vault and emit the client…

ssl-certificate certificate-authority pki vault

asked Oct 11 '21 at 22:53

André Fernandes

959
7
24

1

vote

0 answers

Injected vault-agent pod failing to start, api server & vault aren't communicating

I have a local kubernetes cluster using kind. It is a single node cluster. On this cluster I am following this guide to setup Vault & the vault-agent-injector. If I follow the tutorial step by step the end result is that the orgchart pod will fail…

networking cluster vault minikube

asked Aug 20 '21 at 13:38

max_sargent

11
2

1

vote

0 answers

Unable to fetch Vault Token for Pod Service Account

I am using Vault CSI Driver on Charmed Kubernetes v1.19 where I'm trying to retrieve secrets from Vault for a pod running in a separate namespace (webapp) with its own service account (webapp-sa) following the steps in the blog. As I have been able…

kubernetes vault

asked Aug 19 '21 at 11:13

sanakhanlibre

11
3

1

vote

1 answer

Store AWX/Ansible Tower Database password is HashiCorp Vault

With AWX and Ansible Tower, I know you can use HashiCorp Vault to manage the passwords that you use inside your playbooks. For instance if you want to configure some network devices, the credentials for accessing these devices could reside in the…

ansible ansible-tower vault

asked Nov 17 '20 at 22:19

Paul Mintoumba

11
1

1

vote

1 answer

Shift HashiCorp Vault secrets from one path (sub dir) to another

Good morning ! I am using Vault from HashiCorp and would like to move secrets and secrets structure around. I have a bunch of secrets under a path, let…

vault

asked Sep 25 '20 at 14:10

yield

731
1
8
24

Questions tagged [vault]