
Questions tagged [vault]

Questions about Hashicorp's Vault tool for managing secrets

13 votes
2 answers
51k views

HAproxy health check for https backend

I have haproxy configuration that works perfectly for vault server in the backend with http configuration and it load balances based on unsealed and active vault server using 200 OK code. This works for ...
Jayabalan Bala's user avatar
12 votes
2 answers
21k views

Net bind capability with systemd

I am deploying Goldfish, an interface for Vault, in production on a server dedicated to secrets management. So security is of prime concern here. I am trying to deploy the service with systemd on an ...
Macfli's user avatar
  • 121
3 votes
3 answers
3k views

Securing SSL certificate private key with nginx

I've been researching how to secure private keys for SSL certificates using nginx as a webserver, but have not been able to find many satisfactory answers. Specifically, for a client who wants to me ...
Buno's user avatar
  • 165
3 votes
1 answer
7k views

Hashicorp Vault - Policy restricting one specific sub node in a path

I have a Hashicorp Vault server configured and everything is running great, except for my "deny" policies. I have a 2 level grouping for the majority of secrets, so they follow the structure of: ...
PhilHalf's user avatar
2 votes
1 answer
2k views

Vault - generate secret without revealing it?

With Hashicorp's Vault, is it possible to generate a secret without revealing that secret to the user who generated it? Along the lines of: vault generate secret/my/awesome/secret 32 Where it would ...
Jeff Welling's user avatar
2 votes
2 answers
2k views

OCSP setup for Vault

I have vault setup running in container for PKI Secrets Engine and would like to add OCSP support for application to check if certificate is not revoked. I didn’t find any explanation on how to setup ...
rp346's user avatar
  • 101
2 votes
2 answers
3k views

How to run Hashicorp Vault as a service on CentOS in production

I'm running the latest CentOS and I need Hashicorp Vault 1.6.3 to run as a service. I'm currently using the kv/secret background, so I can use Vault kv put secret/test/hello foo=bar In order to store ...
farslayer9's user avatar
2 votes
1 answer
703 views

Windows Hashicorp Vault client - any way to use TLS certs using secure OS features?

Right now, if I want to use a TLS certificate to authenticate to Vault, I need to have a file with the certificate, and a file with the private key, on my client's filesystem. On Windows, I'm able to ...
mfinni's user avatar
  • 36.3k
2 votes
0 answers
1k views

Vault invalid certificate or no client certificate supplied - cert auth method

I have created a CA in Vault to handle my certificate creation. I've followed this guide here: https://learn.hashicorp.com/vault/secrets-management/sm-pki-engine I am trying to generate a client ...
Charles Wood's user avatar
2 votes
0 answers
204 views

Can consul-template fetch Vault servers from consul?

I would like to integrate HashiCorp vault into our current setup of consul + consul-template and was a bit surprised to find no option for consul-template to fetch the vault servers from consul's ...
Michuelnik's user avatar
  • 3,510
1 vote
1 answer
3k views

Login to HashiCorp Vault with Kubernetes Auth from Pod with Vault CLI

TL;DR: What is the proper way to login from Vault CLI in a Kubernetes Pod using the Kubernetes Auth Method. I want to create regular snapshots from my HashiCorp Vault raft storage. So I created a ...
Max N.'s user avatar
  • 131
1 vote
2 answers
1k views

Hashicorp Vault How Do I Login Headless From STDIN Using Bash Shell?

Given a Bash Shell say in a Docker container running on Gitlab, for example, how would I get the password to get passed in? When I login with this: $ vault login -method=ldap username=myusername It ...
Frederick Ollinger's user avatar
1 vote
1 answer
6k views

hashicorp vault - load pre-existing CA certificate into PKI engine

I'm looking to migrate a process that generates client certificates from a custom root CA into hashicorp vault. The root is already trusted by a lot of applications, so I'd like to import it (or an ...
André Fernandes's user avatar
1 vote
3 answers
3k views

Vault configuration supports environment variables?

Most configs support inline variables from the environment. Does Vault configuration support environment variables? Something like: ui = true listener "tcp" { ...
devent's user avatar
  • 13
1 vote
0 answers
27 views

HashiCorp Vault User Audit Capability

We're seeking a solution to enable us to audit our HashiCorp Vault instance to obtain a namespace breakdown of: For each Vault user, the roles or groups that their entity belongs to. Having reviewed ...
hitman126's user avatar
1 vote
0 answers
2k views

Injected vault-agent pod failing to start, api server & vault aren't communicating

I have a local kubernetes cluster using kind. It is a single node cluster. On this cluster I am following this guide to setup Vault & the vault-agent-injector. If I follow the tutorial step by ...
max_sargent's user avatar
1 vote
0 answers
704 views

Unable to fetch Vault Token for Pod Service Account

I am using Vault CSI Driver on Charmed Kubernetes v1.19 where I'm trying to retrieve secrets from Vault for a pod running in a separate namespace (webapp) with its own service account (webapp-sa) ...
sanakhanlibre's user avatar
1 vote
1 answer
872 views

Store AWX/Ansible Tower Database password in HashiCorp Vault

With AWX and Ansible Tower, I know you can use HashiCorp Vault to manage the passwords that you use inside your playbooks. For instance if you want to configure some network devices, the credentials ...
Paul Mintoumba's user avatar
1 vote
1 answer
1k views

Shift HashiCorp Vault secrets from one path (sub dir) to another

Good morning ! I am using Vault from HashiCorp and would like to move secrets and secrets structure around. I have a bunch of secrets under a path, let say: boo/foo/ boo/foo/bar/secret1 boo/foo/bar/...
yield's user avatar
  • 810
1 vote
0 answers
2k views

How to store Vault audit logs when running vault in a Docker container

I'm researching the various audit devices for Hashicorp Vault. My goal is to run Vault in a Docker environment (currently Docker Swarm). The File method is fairly straightforward, but I'm also ...
wsams's user avatar
  • 121
1 vote
1 answer
390 views

Use Vault to manage Kubernetes secrets

We are using Kubernetes on Google Kubernetes Engine - we currently have secrets added manually with the kubectl secret CLI. To make the secrets management more secure and easier across the team, we ...
maxime's user avatar
  • 140
0 votes
2 answers
257 views

Oracle Cloud Native Environment setup with Vault failed on validating host names in certificate

I'm setting up OLCNE environment with Hashicorp Vault PKI, I successfully installed the agent, set up vault, certificates were generated but during module creation I have an error that host name does not match ...
Adam Wyżgoł's user avatar
0 votes
1 answer
1k views

How to convert configmap to azure keyvault

I have a configmap like below, which I will link to a config file in our application. apiVersion: v1 kind: ConfigMap metadata: name: database-configmap data: config: | dbport=5432 dcname= ...
uday's user avatar
  • 412
0 votes
1 answer
588 views

How to use acr secret saved in azure vault for image pull?

With azure vault and csi driver, able to create secrets and access them as single files in container. I followed this approach to create basic secrets. Can access the secrets from the container as ...
uday's user avatar
  • 412
0 votes
1 answer
130 views

Managing Authentication on REST APIs

The scenario is, I want to manage authentication in several REST APIs deployed in different environments. I've been reading about the Vault, and apparently, it has this feature. With Vault is possible ...
Guilherme's user avatar
  • 103
0 votes
1 answer
1k views

How to permanently set vault token and url remote server in macos

On Linux I'm setting vault variables to /etc/environment next: export VAULT_URL='https://some-remote-server.org:8200/' export VAULT_TOKEN='SoMeToKeN' But when I'm typing this in macos, after $> ...
soul_assassins's user avatar
0 votes
1 answer
772 views

Vault pod going to crashLoopBackOff state on restarting

We have configured vault to run as a pod in the cluster. In the below deployment YAML file, we have included the vault initialisation and unsealing to happen when the pod comes up initially. But when ...
Meghana B Srinath's user avatar
0 votes
1 answer
232 views

Trying to deploy vault:1.2.4 in kubernetes

I have been trying to bring up a Vault pod in K8!, I am using vault:1.2.4 and I have added the capability and config in the yaml as mentioned in the official docker page of vault But still, I always ...
Ani's user avatar
  • 30
0 votes
1 answer
640 views

Consul, vault and postgres containers don't communicate

I'm trying to set up Consul with Vault for secrets management for Postgres with Docker. Here is my configuration Dockerfile: FROM python:3.6-slim ENV VAULT_VERSION 0.11.1 ENV CONSUL_VERSION 1.2.3 ...
kebie's user avatar
  • 141
0 votes
0 answers
10 views

Cannot register new ACME account on vault ACME endpoint

I have setup a new instance of Hashicorp's Vault, I followed the tutorial instructions on Hashicorp's own website on how to configure ACME. However, I am unable to register new ACME accounts using ...
Xavanteex's user avatar
0 votes
1 answer
36 views

Hashicorp Vault transit auto unseal cluster is not receiving requests from transit seal configuration in main cluster (or requests are not being sent)

I am trying to set up auto-unseal for hashicorp vault using the transit secrets engine and two HA clusters. Cluster A is responsible for unsealing cluster B. My issue is that Cluster B (the main ...
Marcus Ruddick's user avatar
0 votes
0 answers
358 views

Rancher RKE2 Cert-manager's Vault issuer says "permission denied"

Does anyone know what's wrong with Rancher RKE2 clusters, please? I've hit strange problems during the deployment of Cert-manager with Vault issuer where Vault gets "permission denied" (or ...
patok's user avatar
  • 692
0 votes
0 answers
368 views

ansible proxmox inventory plugin vault

Hope you're doing well. I got a very basic question about ansible inventory plugins , specifically the proxmox one : https://docs.ansible.com/ansible/latest/collections/community/general/...
infoman33's user avatar
0 votes
0 answers
127 views

Need advice on ansible-pull and vault

Hope you're doing well. I have this design headache My very basic interrogation here is: how can i implement ansible-pull a "secure" way with kiss principle ? For example i use ansible-pull ...
infoman33's user avatar
0 votes
0 answers
439 views

Unable to access keyvault when assigned to group, how to fix that?

I have created a keyvault and added few keys and while creation, provided access to a service principal using azure bicep template. var permissionContributorId = 'f25e0fa2-a7c8-4377-a976-54943a77a395' ...
sardar's user avatar
  • 11
0 votes
0 answers
1k views

Enable Vault JWT using `-tls-skip-verify` with EKS ca.crt fails with `x509: certificate signed by unknown authority`

We need to enable JWT auth in vault which is hosted within our EKS cluster in preparation for using K8s 1.24 OIDC and testing token renewal with Vault. I'm following documentation from a few places: ...
Jim's user avatar
  • 355
0 votes
0 answers
210 views

Apache 2.4 Forward proxy TLS connection refused

I am trying to run hashicorp vault server in a Docker container behind an Apache Forward Proxy (httpd v2.4; running in a container for testing purposes). Vault is set to use AWS KMS for Autounseal. ...
Wanderer's user avatar
  • 133
0 votes
1 answer
430 views

Is HashiCorp Vault the correct tool to store users sensitive information

Is Vault the correct tool to store sensitive information about users, eg. their pay rate or personal id? "Normal" employee/user must only have access to his own data but the users with ...
Bonana's user avatar
  • 1
0 votes
1 answer
342 views

Hashicorp Vault - AWS EKS vs EC2

Is it possible to install a Hashicorp Vault cluster to EC2 only or is EKS required and would there be a big advantage to one over the other?
Robben's user avatar
  • 33
0 votes
0 answers
1k views

Deployment not able to spin the hashicorp vault linked containers, how to fix that?

I have followed the steps mentioned in the link Came till the deployment part, last before step. After deployment, the pods status is stuck at creation. kubectl get pods --watch NAME ...
uday's user avatar
  • 412
0 votes
1 answer
2k views

Azure key vault volume not accessible, how to fix that?

I have followed the walkthrough provided in this link And at step 6, I have tried to create a pod with the volume linked to the keyvault. But it is not able to access the volume. kubectl get pods NAME ...
uday's user avatar
  • 412
0 votes
1 answer
32 views

Azure Retention policy for new servers - will the first backup be retained long term

We have an Azure tenancy with a backup policy doing Daily (retained 30 days), weekly (retained 10 weeks), and Annual (triggered on first SAT in JAN, retained for 7 years). I have just migrated a bunch ...
Svend's user avatar
  • 1
0 votes
2 answers
725 views

vault init hangs on kubernetes

I'm trying to set up an autosealing vault cluster in kubernetes but I'm seeing some strange behaviour. I have one vault providing the transit secret to autounseal the second vault . They are running ...
Javier PR's user avatar
  • 101
0 votes
1 answer
2k views

How to Use Azure Key Vault w/ Web App

I have an Azure Web App for a client project. The project also requires Azure SQL Databases and Blob Storage. All pieces mentioned are up and running but we've been told we can't have any password ...
jrd1989's user avatar
  • 688