Securing HashiCorp Vault with Let’s Encrypt SSL

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot
$ sudo certbot certonly --standalone -d vault.example.com
Cert: /etc/letsencrypt/live/vault.example.com/fullchain.pem
PrivKey: /etc/letsencrypt/live/vault.example.com/privkey.pem
$ vault -v
Vault v0.11.2 ('2b1a4304374712953ff606c6a925bbe90a4e85dd')
Vault Systemd Service
$ sudo systemctl start vault.service
$ sudo systemctl enable vault.service
$ sudo systemctl status vault.service
$ curl -XGET https://vault.example.com:8200/v1/sys/health
{"initialized":true,"sealed":true,"standby":true,"performance_standby":false,"replication_performance_mode":"unknown","replication_dr_mode":"unknown","server_time_utc":1538932014,"version":"0.11.2"}
$ vault operator init | sudo tee /etc/vault/init.file
$ grep -m3 '^Unseal Key' /etc/vault/init.file | cut -f2- -d: | tr -d ' ' | while read -r key; do vault operator unseal "${key}"; done
$ sudo certbot certonly --standalone -d vault.example.com --deploy-hook "sudo systemctl restart vault.service && grep -m3 '^Unseal Key' /etc/vault/init.file | cut -f2- -d: | tr -d ' ' | while read -r key; do vault operator unseal \"\${key}\"; done"
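
Added example, not part of the original article: the unseal pipeline above rewritten as functions a deploy-hook script could call. `sudo tee` creates /etc/vault/init.file with the default umask (typically mode 0644), so the helper refuses any file that group or other can access. The function names, UNSEAL_CMD and the sample keys are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and UNSEAL_CMD are hypothetical.

# Print the first N unseal keys from saved `vault operator init` output.
# Refuses a file that group or other can access: the keys are plaintext.
extract_unseal_keys() {
    file=$1 count=${2:-3}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # In `ls -l` output, characters 5-10 are the group and other bits.
    mode=$(ls -ld "$file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "refusing $file: group/other bits are '$mode', want 0600" >&2
        return 1
    fi
    grep -m "$count" '^Unseal Key' "$file" | cut -f2- -d: | tr -d ' '
}

# Pass each key to the unseal command. UNSEAL_CMD can be overridden so the
# flow can be exercised without a running Vault server.
unseal_from_file() {
    keys=$(extract_unseal_keys "$1" "${2:-3}") || return $?
    for key in $keys; do
        ${UNSEAL_CMD:-vault operator unseal} "$key" || return 3
    done
}

# Constructed sample in the layout of `vault operator init` output.
write_sample_init_file() {
    cat > "$1" <<'EOF'
Unseal Key 1: c2FtcGxlLWtleS0x
Unseal Key 2: c2FtcGxlLWtleS0y
Unseal Key 3: c2FtcGxlLWtleS0z
Unseal Key 4: c2FtcGxlLWtleS00
Unseal Key 5: c2FtcGxlLWtleS01

Initial Root Token: CONSTRUCTED-PLACEHOLDER
EOF
}

# Demo: dry run against the sample, with `echo` standing in for Vault.
sample=$(mktemp)
write_sample_init_file "$sample"
chmod 600 "$sample"
UNSEAL_CMD="echo would-unseal"
unseal_from_file "$sample" 3
unset UNSEAL_CMD
rm -f "$sample"
```

Keys passed as arguments to `vault operator unseal` are visible in the process list while the command runs.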
