Questions tagged [vault]

Questions about HashiCorp's Vault tool for managing secrets

39 questions
11
votes
2 answers

HAproxy health check for https backend

I have an haproxy configuration that works perfectly for a vault server in the backend with http configuration, and it load balances based on unsealed and active vault server using 200 OK code. This works for http. But we make everything to be https (tls)…
Jayabalan Bala
8
votes
2 answers

Net bind capability with systemd

I am deploying Goldfish, an interface for Vault, in production on a server dedicated to secrets management. So security is of prime concern here. I am trying to deploy the service with systemd on an Ubuntu 16.04 system, giving it the least possible…
Macfli
3
votes
1 answer

Hashicorp Vault - Policy restricting one specific sub node in a path

I have a Hashicorp Vault server configured and everything is running great, except for my "deny" policies. I have a 2 level grouping for the majority of secrets, so they follow the structure of: secret/client/environment/* Not all secrets follow…
PhilHalf
3
votes
3 answers

Securing SSL certificate private key with nginx

I've been researching how to secure private keys for SSL certificates using nginx as a webserver, but have not been able to find many satisfactory answers. Specifically, for a client who wants me to deploy a website under their own sub-domain,…
Buno
2
votes
1 answer

Vault - generate secret without revealing it?

With Hashicorp's Vault, is it possible to generate a secret without revealing that secret to the user who generated it? Along the lines of: vault generate secret/my/awesome/secret 32 Where it would generate a string of 32 random characters, will…
Jeff Welling
2
votes
0 answers

Can consul-template fetch Vault servers from consul?

I would like to integrate HashiCorp vault into our current setup of consul + consul-template and was a bit surprised to find no option for consul-template to fetch the vault servers from consul's service discovery. This is the configuration doc…
Michuelnik
2
votes
1 answer

Windows Hashicorp Vault client - any way to use TLS certs using secure OS features?

Right now, if I want to use a TLS certificate to authenticate to Vault, I need to have a file with the certificate, and a file with the private key, on my client's filesystem. On Windows, I'm able to use the OS to store certificates and private keys…
mfinni
2
votes
1 answer

How to run Hashicorp Vault as a service on CentOS in production

I'm running the latest CentOS and I need Hashicorp Vault 1.6.3 to run as a service. I'm currently using the kv/secret background, so I can use Vault kv put secret/test/hello foo=bar In order to store secrets. When running vault as a server, it…
farslayer9
1
vote
1 answer

Use Vault to manage Kubernetes secrets

We are using Kubernetes on Google Kubernetes Engine - we currently have secrets added manually with the kubectl secret CLI. To make the secrets management more secure and easier across the team, we installed a Hashicorp Vault instance on a separate…
maxime
1
vote
3 answers

Vault configuration supports environment variables?

Most configs support inline variables from the environment. Does Vault configuration support environment variables? Something like: ui = true listener "tcp" { tls_disable = 1 address = "[::]:8200" …
devent
1
vote
1 answer

hashicorp vault - load pre-existing CA certificate into PKI engine

I'm looking to migrate a process that generates client certificates from a custom root CA into hashicorp vault. The root is already trusted by a lot of applications, so I'd like to import it (or an intermediate) into vault and emit the client…
1
vote
0 answers

Injected vault-agent pod failing to start, api server & vault aren't communicating

I have a local kubernetes cluster using kind. It is a single node cluster. On this cluster I am following this guide to setup Vault & the vault-agent-injector. If I follow the tutorial step by step the end result is that the orgchart pod will fail…
1
vote
0 answers

Unable to fetch Vault Token for Pod Service Account

I am using Vault CSI Driver on Charmed Kubernetes v1.19 where I'm trying to retrieve secrets from Vault for a pod running in a separate namespace (webapp) with its own service account (webapp-sa) following the steps in the blog. As I have been able…
1
vote
1 answer

Store AWX/Ansible Tower Database password in HashiCorp Vault

With AWX and Ansible Tower, I know you can use HashiCorp Vault to manage the passwords that you use inside your playbooks. For instance if you want to configure some network devices, the credentials for accessing these devices could reside in the…
1
vote
1 answer

Shift HashiCorp Vault secrets from one path (sub dir) to another

Good morning! I am using Vault from HashiCorp and would like to move secrets and secrets structure around. I have a bunch of secrets under a path, let…
yield