HashiCorp Vault

Vault provides organizations with identity-based security to automatically authenticate and authorize access to secrets and other sensitive data.

Reduce risk of a breach

Prevent credential exposure, eliminate secret sprawl, and block unauthorized users. Use Vault to authenticate access based on trusted identities and inject just-in-time credentials.

Save developer time

Stop manually rotating secrets. Vault helps you enforce access policies in code and speed up audits for your team. Use one API to automate secret creation, consumption, expiration, and rotation.

Lower costs with increased efficiency

Increase operational efficiency and reduce costs by scaling secrets access across large IT environments, consolidating applications for secrets storage and policy, and automating credential rotation.

Software Included

Package Version License
HashiCorp Vault 1.14.8 Mozilla Public License

Creating an App using the Control Panel

Click the Deploy to DigitalOcean button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.

Deploy to DO

Creating an App using the API

In addition to creating a Droplet from the HashiCorp Vault 1-Click App using the control panel, you can also use the DigitalOcean API. As an example, to create a 4GB HashiCorp Vault Droplet in the SFO2 region, you can use the following curl command. You need to either save your API access token) to an environment variable or substitute it in the command below.

curl -X POST -H 'Content-Type: application/json' \
         -H 'Authorization: Bearer '$TOKEN'' -d \
        '{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image": "hashicorpvault"}' \

Getting Started After Deploying HashiCorp Vault

After Vault droplet is created, it’s required to login into it using SSH. Initialisation process will be finish, the root token and 5 keys will be stored in file /.digitalocean_vault_tokens.txt. After initialisation droplet will be available using HTTP on 8200 port.

Marketplace team strongly recommends to use your domain name and configure certbot (it’s preinstalled).

Useful links:

Configure Vault

Using certbot