Securing HashiCorp Vault with Let’s Encrypt SSL

What will we do in this post?

  1. Install Let’s Encrypt certbot and generate certificate
  2. Install and configure vault using systemd.service
  3. Initialize vault operator and automate unseal
  4. Link Let’s Encrypt cert renewal with vault service
1. Install Let’s Encrypt certbot and generate certificate

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot

Generate the certificate in standalone mode for the Vault hostname:

$ sudo certbot certonly --standalone -d vault.example.com

Cert: /etc/letsencrypt/live/vault.example.com/fullchain.pem
PrivKey: /etc/letsencrypt/live/vault.example.com/privkey.pem
2. Install and configure vault using systemd.service

Check the installed Vault version:

$ vault -v
Vault v0.11.2 ('2b1a4304374712953ff606c6a925bbe90a4e85dd')

Vault Systemd Service

$ sudo systemctl start vault.service
$ sudo systemctl enable vault.service
$ sudo systemctl status vault.service

The health endpoint now answers over TLS with the Let’s Encrypt certificate; at this point the server still reports itself as sealed:

$ curl -XGET https://vault.example.com:8200/v1/sys/health
{"initialized":true,"sealed":true,"standby":true,"performance_standby":false,"replication_performance_mode":"unknown","replication_dr_mode":"unknown","server_time_utc":1538932014,"version":"0.11.2"}
3. Initialize vault operator and automate unseal

$ vault operator init | sudo tee /etc/vault/init.file

Unseal with the first three key shares from the saved init output:

$ egrep -m3 '^Unseal Key' /etc/vault/init.file | cut -f2- -d: | tr -d ' ' | while read -r key; do vault operator unseal "${key}"; done

4. Link Let’s Encrypt cert renewal with vault service

certbot stores the deploy hook in the renewal configuration and runs it after every successful renewal. The ${key} reference must be escaped so that it is expanded by the hook's shell and not by the shell that issues the certbot command:

$ sudo certbot certonly --standalone -d vault.axiatancell.com --deploy-hook "sudo systemctl restart vault.service && egrep -m3 '^Unseal Key' /etc/vault/init.file | cut -f2- -d: | tr -d ' ' | while read -r key; do vault operator unseal \"\${key}\"; done"
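The inline hook above is fragile: certbot runs hooks as root with a minimal environment (so the interactive user's VAULT_ADDR is not set), Vault needs a moment to come back after the restart, and the hook feeds keys whether or not the server is actually sealed. The script below is an added example, not code from the original post, that does the same job as a proper deploy-hook script. /etc/vault/init.file, a threshold of three shares and https://vault.example.com:8200 are assumptions taken from the post; the SAMPLE_* values are constructed so the parsing steps can be exercised without a Vault server.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): certbot deploy hook that
# restarts Vault after a renewal and unseals it from the saved init output.
# INIT_FILE, THRESHOLD and VAULT_ADDR are assumptions taken from the post;
# the SAMPLE_* data at the bottom is constructed for offline demonstration.
set -eu

INIT_FILE="${INIT_FILE:-/etc/vault/init.file}"   # written by 'vault operator init | tee'
THRESHOLD="${THRESHOLD:-3}"                        # key shares needed to unseal
# certbot runs hooks as root with a stripped environment, so set the
# address here instead of relying on the interactive user's VAULT_ADDR.
export VAULT_ADDR="${VAULT_ADDR:-https://vault.example.com:8200}"

# Print the first N unseal keys from 'vault operator init' output on stdin.
# Lines look like "Unseal Key 1: <base64>"; keep everything after the colon.
extract_unseal_keys() {
  grep -m "$1" '^Unseal Key' | cut -d: -f2- | tr -d ' '
}

# Print the value of "sealed" (true/false) from a /v1/sys/health body on
# stdin. POSIX sed only, so the hook does not depend on jq being installed.
sealed_from_health() {
  sed -n 's/.*"sealed":\([a-z]*\).*/\1/p'
}

# Ask the live health endpoint whether Vault is sealed right now.
vault_is_sealed() {
  [ "$(curl -s "$VAULT_ADDR/v1/sys/health" | sealed_from_health)" = "true" ]
}

# Wait up to 30s for Vault to answer after the restart. curl exits 0 on any
# HTTP response (the endpoint returns 503 while sealed), so no --fail here.
wait_for_vault() {
  for _ in $(seq 1 30); do
    curl -s -o /dev/null "$VAULT_ADDR/v1/sys/health" && return 0
    sleep 1
  done
  echo "vault did not answer at $VAULT_ADDR" >&2
  return 1
}

# Feed THRESHOLD key shares, then confirm the seal is actually open.
unseal_vault() {
  extract_unseal_keys "$THRESHOLD" < "$INIT_FILE" | while IFS= read -r key; do
    vault operator unseal "$key" > /dev/null
  done
  if vault_is_sealed; then
    echo "vault still sealed after $THRESHOLD key shares" >&2
    return 1
  fi
}

# Entry point for certbot: restart to load the renewed certificate, then
# unseal only if the restart left Vault sealed.
deploy_hook() {
  systemctl restart vault.service
  wait_for_vault
  if vault_is_sealed; then
    unseal_vault
  fi
}

# Constructed sample data for running the parsing steps offline.
SAMPLE_INIT='Unseal Key 1: key1abc
Unseal Key 2: key2def
Unseal Key 3: key3ghi
Unseal Key 4: key4jkl
Unseal Key 5: key5mno

Initial Root Token: ROOT-TOKEN-PLACEHOLDER'
SAMPLE_HEALTH_SEALED='{"initialized":true,"sealed":true,"standby":true,"version":"0.11.2"}'
SAMPLE_HEALTH_UNSEALED='{"initialized":true,"sealed":false,"standby":false,"version":"0.11.2"}'

# certbot exports RENEWED_LINEAGE (and RENEWED_DOMAINS) to deploy hooks;
# when it is absent we are being run by hand, so only show the offline demo.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  deploy_hook
else
  printf '%s\n' "$SAMPLE_INIT" | extract_unseal_keys "$THRESHOLD"   # key1abc key2def key3ghi
  printf '%s' "$SAMPLE_HEALTH_SEALED" | sealed_from_health            # true
  printf '%s' "$SAMPLE_HEALTH_UNSEALED" | sealed_from_health          # false
fi
```

Install it as root-only (mode 0700) in /etc/letsencrypt/renewal-hooks/deploy/, where certbot runs every executable after a successful renewal, or pass its path to --deploy-hook as the post does. Whoever can read /etc/vault/init.file can unseal Vault, so that file should be root-owned with mode 0600; the keys on disk turn the seal into a file-permission check, which is the trade-off this automation makes. Vault also reloads listener TLS certificates on SIGHUP, so a unit with an ExecReload line sending HUP lets the hook become a plain systemctl reload with no restart and no unseal step at all.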

Raju Dawadi
DevOps | SRE | #GDE