{"id":23317919,"url":"https://github.com/chintanboghara/hashicorp-vault-integration-devmodeenv","last_synced_at":"2025-04-07T04:52:47.507Z","repository":{"id":268394946,"uuid":"904206816","full_name":"chintanboghara/HashiCorp-Vault-Integration-DevMoDeEnV","owner":"chintanboghara","description":"Set up HashiCorp Vault on an EC2 instance, configure access for Terraform and Ansible, and integrate secrets management into infrastructure automation processes.","archived":false,"fork":false,"pushed_at":"2024-12-16T14:28:46.000Z","size":12,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-07T04:52:42.567Z","etag":null,"topics":["aws","ec2","hashicorp","ubuntu","vault"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/chintanboghara.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-12-16T12:57:16.000Z","updated_at":"2024-12-16T14:29:46.000Z","dependencies_parsed_at":"2024-12-16T15:28:10.109Z","dependency_job_id":null,"html_url":"https://github.com/chintanboghara/HashiCorp-Vault-Integration-DevMoDeEnV","commit_stats":null,"previous_names":["chintanboghara/hashicorp-vault-installation-on-aws-ec2","chintanboghara/hashicorp-vault"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chintanboghara%2FHashiCorp-Vault-Integration-DevMoDeEnV","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chintanboghara%2FHashiCor
p-Vault-Integration-DevMoDeEnV/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chintanboghara%2FHashiCorp-Vault-Integration-DevMoDeEnV/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/chintanboghara%2FHashiCorp-Vault-Integration-DevMoDeEnV/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/chintanboghara","download_url":"https://codeload.github.com/chintanboghara/HashiCorp-Vault-Integration-DevMoDeEnV/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247595382,"owners_count":20963943,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","ec2","hashicorp","ubuntu","vault"],"created_at":"2024-12-20T17:14:31.137Z","updated_at":"2025-04-07T04:52:47.485Z","avatar_url":"https://github.com/chintanboghara.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Vault Integration Development Environments\n\n## Instructions for Installing and Running HashiCorp Vault on an AWS EC2 Instance\n\n### 1. Create an AWS EC2 Instance with Ubuntu\n- Launch an EC2 instance with an Ubuntu AMI.\n- Make sure to configure the appropriate security group to allow SSH access and inbound traffic on port 8200 for Vault access.\n\n### 2. Install Vault on the EC2 Instance\n\n1. **SSH into your EC2 instance**:\n   ```bash\n   ssh -i your-key.pem ubuntu@your-ec2-public-ip\n   ```\n\n2. 
**Install Vault by running the following commands**:\n   ```bash\n   wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg\n   echo \"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main\" | sudo tee /etc/apt/sources.list.d/hashicorp.list\n   sudo apt update \u0026\u0026 sudo apt install vault\n   ```\n\n### 3. Start Vault\n\n1. **Start Vault in development mode**:\n   ```bash\n   vault server -dev -dev-listen-address=\"0.0.0.0:8200\"\n   ```\n\n   This starts Vault in development mode and listens on all IPs at port 8200.\n\n   **Warning**: Development mode should **NOT** be used in production environments.\n\n2. After running the command, Vault will output the **Unseal Key** and **Root Token**. These are necessary for unsealing and accessing the Vault UI:\n   ```\n   The unseal key and root token are displayed below in case you want to\n   seal/unseal the Vault or re-authenticate.\n\n   Unseal Key: Dvq9kuZoZ9Vj**********LBaCpaBUV+L6c1mxO8s5Y=\n   Root Token: hvs.DcJ****P61qBZ2M****5rfs7\n   ```\n\n   - **Unseal Key**: Used to unseal Vault after it has been sealed.\n   - **Root Token**: Used for initial login to Vault with root access.\n\n### 4. Access Vault from Browser\n\n1. **Open the EC2 instance's Security Groups** and add an inbound rule to allow traffic on port 8200:\n   - Type: **Custom TCP**\n   - Port: **8200**\n   - Source: **0.0.0.0/0** (or restrict to specific IPs)\n\n2. 
**Access Vault** by opening your browser and navigating to:\n   ```\n   http://\u003cec2-public-ip\u003e:8200\n   ```\n\n   Use the **Root Token** from the terminal output to log in as the root user.\n\n   ![log in](https://github.com/user-attachments/assets/f6e7b8a8-fd57-494a-89ce-dd1a75235d2e)\n\n   ![UI](https://github.com/user-attachments/assets/7776fd6b-34b5-4c84-8656-56b48ec107c1)\n\n   ![Secrets Engine](https://github.com/user-attachments/assets/1eeb64fc-7f9a-4ab6-8035-f51d906a99b8)\n\n   ![Enable a Secrets Engine](https://github.com/user-attachments/assets/3fbf0ce2-3ddc-4bf1-a85d-2b0de5d2c60f)\n\n   ![image](https://github.com/user-attachments/assets/bbaced97-3318-4807-b41e-4ffb6dce34f8)\n\n   ![image](https://github.com/user-attachments/assets/199dd612-9abe-4725-bf76-77f3d1880148)\n\n### 5. Create a Secret in KV\n\n1. Navigate to the **Secrets Engines** section in the Vault UI.\n2. Enable a **KV Secrets Engine** and create a secret.\n\n   ![Create a Secret](https://github.com/user-attachments/assets/eb596c4e-16b7-4889-bb1b-c28eaa23ffc8)\n\n   ![Secret Engine](https://github.com/user-attachments/assets/b5286de9-7835-477c-b85b-ddc018db72fb)\n\n### 6. Grant Access to Terraform or Ansible via Vault\n\nSimilar to **IAM Roles** in AWS, in Vault, we create **roles** and assign **policies** to manage access. This is how we control access for Terraform and Ansible:\n\n   ![image](https://github.com/user-attachments/assets/a1afce53-1ba6-41a9-aa6b-53ae391c9896)\n\n   Use **AppRole-based authentication** for Terraform and Ansible integration:\n   ![AppRole](https://github.com/user-attachments/assets/1d502d5d-57b9-44e5-93d2-acd5478d3e3c)\n\n   ![AppRole Details](https://github.com/user-attachments/assets/b34a5a6a-3742-4897-a664-e1259ba9cdc8)\n\n   ![Role Config](https://github.com/user-attachments/assets/ef3e54f4-b40b-4c98-a8ca-7c3551e51af3)\n\n### 7. Create Roles Using the CLI\n\nWe cannot create roles via the Vault UI. Use the Vault CLI for this:\n\n1. 
**Enable AppRole Authentication**:\n   ```bash\n   vault auth enable approle\n   ```\n\n2. **Create a Policy**:\n   Create a policy that allows the AppRole to access necessary paths:\n   ```bash\n   vault policy write terraform - \u003c\u003cEOF\n   # \"*\" grants list/read on every path, including all secrets and sys/ endpoints;\n   # narrow this to the specific mounts Terraform needs outside a dev environment\n   path \"*\" {\n     capabilities = [\"list\", \"read\"]\n   }\n\n   path \"secrets/data/*\" {\n     capabilities = [\"create\", \"read\", \"update\", \"delete\", \"list\"]\n   }\n\n   path \"kv/data/*\" {\n     capabilities = [\"create\", \"read\", \"update\", \"delete\", \"list\"]\n   }\n\n   path \"secret/data/*\" {\n     capabilities = [\"create\", \"read\", \"update\", \"delete\", \"list\"]\n   }\n\n   path \"auth/token/create\" {\n     capabilities = [\"create\", \"read\", \"update\", \"list\"]\n   }\n   EOF\n   ```\n\n3. **Create the AppRole**:\n   ```bash\n   vault write auth/approle/role/terraform \\\n       secret_id_ttl=10m \\\n       token_num_uses=10 \\\n       token_ttl=20m \\\n       token_max_ttl=30m \\\n       secret_id_num_uses=40 \\\n       token_policies=terraform\n   ```\n\n4. **Generate Role ID and Secret ID**:\n\n   - **Generate Role ID**:\n     ```bash\n     vault read auth/approle/role/terraform/role-id\n     ```\n\n   - **Generate Secret ID**:\n     ```bash\n     vault write -f auth/approle/role/terraform/secret-id\n     ```\n\n   Save both **Role ID** and **Secret ID** securely. These will be used for authentication in Terraform.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchintanboghara%2Fhashicorp-vault-integration-devmodeenv","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fchintanboghara%2Fhashicorp-vault-integration-devmodeenv","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fchintanboghara%2Fhashicorp-vault-integration-devmodeenv/lists"}