HashiCorp Vault
Vault provides organizations with identity-based security to automatically authenticate and authorize access to secrets and other sensitive data.
Reduce risk of a breach
Prevent credential exposure, eliminate secret sprawl, and block unauthorized users. Use Vault to authenticate access based on trusted identities and inject just-in-time credentials.
Save developer time
Stop manually rotating secrets. Vault helps you enforce access policies in code and speed up audits for your team. Use one API to automate secret creation, consumption, expiration, and rotation.
Lower costs with increased efficiency
Increase operational efficiency and reduce costs by scaling secrets access across large IT environments, consolidating applications for secrets storage and policy, and automating credential rotation.
Software Included
| Package | Version | License |
|---|---|---|
| HashiCorp Vault | 1.14.8 | Mozilla Public License |
Creating an App using the Control Panel
Click the Deploy to DigitalOcean button to create a Droplet based on this 1-Click App. If you aren’t logged in, this link will prompt you to log in with your DigitalOcean account.
Creating an App using the API
In addition to creating a Droplet from the HashiCorp Vault 1-Click App using the control panel, you can also use the DigitalOcean API. As an example, to create a 4GB HashiCorp Vault Droplet in the SFO2 region, you can use the following curl command. You need to either save your API access token) to an environment variable or substitute it in the command below.
curl -X POST -H 'Content-Type: application/json' \
-H 'Authorization: Bearer '$TOKEN'' -d \
'{"name":"choose_a_name","region":"sfo2","size":"s-2vcpu-4gb","image": "hashicorpvault"}' \
"https://api.digitalocean.com/v2/droplets"
Getting Started After Deploying HashiCorp Vault
After Vault droplet is created, it’s required to login into it using SSH. Initialisation process will be finish, the root token and 5 keys will be stored in file /.digitalocean_vault_tokens.txt. After initialisation droplet will be available using HTTP on 8200 port.
Marketplace team strongly recommends to use your domain name and configure certbot (it’s preinstalled).
Useful links: