https://github.com/chintanboghara/hashicorp-vault-integration-devmodeenv
Set up HashiCorp Vault on an EC2 instance, configure access for Terraform and Ansible, and integrate secrets management into infrastructure automation processes.
- Host: GitHub
- URL: https://github.com/chintanboghara/hashicorp-vault-integration-devmodeenv
- Owner: chintanboghara
- Created: 2024-12-16T12:57:16.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-12-16T14:28:46.000Z (over 1 year ago)
- Last Synced: 2025-04-07T04:52:42.567Z (about 1 year ago)
- Topics: aws, ec2, hashicorp, ubuntu, vault
- Homepage:
- Size: 11.7 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Vault Integration Development Environments
## Instructions for Installing and Running HashiCorp Vault on an AWS EC2 Instance
### 1. Create an AWS EC2 Instance with Ubuntu
- Launch an EC2 instance with an Ubuntu AMI.
- Configure the security group to allow SSH (TCP 22) and inbound TCP on port 8200 for Vault. Restrict both rules to your own IP address rather than `0.0.0.0/0`: the dev-mode server below speaks plain HTTP and is protected only by its root token.
### 2. Install Vault on the EC2 Instance
1. **SSH into your EC2 instance**:
```bash
ssh -i your-key.pem ubuntu@your-ec2-public-ip
```
2. **Install Vault by running the following commands**:
```bash
wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install vault
```
### 3. Start Vault
1. **Start Vault in development mode**:
```bash
vault server -dev -dev-listen-address="0.0.0.0:8200"
```
This starts Vault in development mode, listening on all interfaces on port 8200.
**Warning**: Development mode should **NOT** be used in production environments. It keeps all data in memory (every secret is lost on restart), starts already unsealed, serves plain HTTP rather than TLS, and prints a root token to the terminal. Because the server is bound to `0.0.0.0`, anyone who can reach port 8200 sees that traffic unencrypted and needs only the root token to take full control, so keep the security group rule limited to your own address.
2. After running the command, Vault will output the **Unseal Key** and **Root Token**. The root token is what you log in with; the unseal key only matters if you explicitly seal the dev server, since it starts unsealed:
```
The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.
Unseal Key: Dvq9kuZoZ9Vj**********LBaCpaBUV+L6c1mxO8s5Y=
Root Token: hvs.DcJ****P61qBZ2M****5rfs7
```
- **Unseal Key**: Used to unseal Vault after it has been sealed.
- **Root Token**: Used for initial login to Vault with root access.
### 4. Access Vault from Browser
1. **Open the EC2 instance's Security Groups** and add an inbound rule to allow traffic on port 8200:
- Type: **Custom TCP**
- Port: **8200**
- Source: your own public IP address as a `/32`. Avoid `0.0.0.0/0`: the dev server is unencrypted HTTP with a single root token, so an open rule exposes it to the whole internet.
2. **Access Vault** by opening your browser and navigating to:
```
http://your-ec2-public-ip:8200
```
Use the **Root Token** from the terminal output to log in as the root user.
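The security-group step above can be scripted so that port 8200 is only ever opened to one address. The script below is an added example, not code from the repository: it refuses the two "anyone on the internet" CIDRs, turns a bare address into a `/32`, and adds the rule with the AWS CLI. It assumes the AWS CLI is configured and that the security group ID is passed as the first argument (both assumptions); with no second argument it uses this machine's public IP as reported by `checkip.amazonaws.com`.

```shell
#!/bin/sh
# Added example (not from the repository): open Vault's port 8200 to a single
# source CIDR instead of 0.0.0.0/0. Assumes a configured AWS CLI and a security
# group ID on the command line (assumptions).
set -eu

VAULT_PORT=8200

# Refuse the two "everyone" CIDRs; any other source passes.
reject_open_cidr() {
  case "$1" in
    0.0.0.0/0|::/0) return 1 ;;
    *)              return 0 ;;
  esac
}

# "203.0.113.7" -> "203.0.113.7/32"; a value that already has a prefix is kept.
to_cidr() {
  case "$1" in
    */*) printf '%s\n' "$1" ;;
    *)   printf '%s/32\n' "$1" ;;
  esac
}

# Add the ingress rule for one source; aborts rather than open the port wide.
allow_vault_from() {
  sg_id=$1
  cidr=$(to_cidr "$2")
  reject_open_cidr "$cidr" || { echo "refusing to expose Vault to $cidr" >&2; return 1; }
  aws ec2 authorize-security-group-ingress \
    --group-id "$sg_id" --protocol tcp --port "$VAULT_PORT" --cidr "$cidr"
}

# Usage: sh open-vault-port.sh sg-XXXXXXXX [source-ip]
# The default source is this machine's public address as AWS sees it.
if [ "$#" -ge 1 ]; then
  allow_vault_from "$1" "${2:-$(curl -fsS https://checkip.amazonaws.com)}"
fi
```

Run it once per operator address; re-running with the same CIDR makes the AWS CLI report a duplicate rule, which is harmless. Remove the rule again when you are done with the dev server.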
### 5. Create a Secret in KV
1. Navigate to the **Secrets Engines** section in the Vault UI.
2. Enable a **KV Secrets Engine** (a dev-mode server already has a KV v2 engine mounted at `secret/`) and create a secret.
### 6. Grant Access to Terraform or Ansible via Vault
Similar to **IAM roles** in AWS, Vault controls access by creating **roles** and attaching **policies** to them. This is how we scope what Terraform and Ansible may do:

Use **AppRole-based authentication** for Terraform and Ansible integration. Each tool logs in with a `role_id` and a `secret_id` and receives a short-lived token that carries only the role's policies, so neither tool ever holds the root token:
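The whole AppRole workflow for the two steps that follow (enable the method, write a least-privilege policy, create the role, hand out credentials, and log in as the tool would) is shown below as an added example; it is not code from the repository. It assumes `VAULT_ADDR` and `VAULT_TOKEN` (the root token from step 3) are exported and that the secret from step 5 lives at the KV v2 path `secret/terraform/db`; the policy and role name `terraform`, the sample secret values, and the TTLs are assumptions too.

```shell
#!/bin/sh
# Added example, not code from the repository: the full AppRole workflow for
# Terraform or Ansible against the dev-mode server from step 3.
# Assumptions: VAULT_ADDR and VAULT_TOKEN (the root token) are exported, and the
# secret from step 5 lives at the kv v2 path secret/terraform/db.
set -eu

POLICY_NAME=terraform
ROLE_NAME=terraform
KV_PATH=secret/terraform/db   # assumed location of the step 5 secret

# kv v2 stores data under <mount>/data/<path>, so a policy for the CLI path
# "secret/terraform/db" must name "secret/data/terraform/db".
kv2_data_path() {
  mount=${1%%/*}
  rest=${1#*/}
  printf '%s/data/%s\n' "$mount" "$rest"
}

# Least-privilege policy text: read-only on exactly one path, nothing else.
render_policy() {
  printf 'path "%s" {\n  capabilities = ["read"]\n}\n' "$1"
}

# Operator side: seed a sample secret (constructed values), enable AppRole,
# write the policy and create a role with short-lived, single-use secret_ids.
setup() {
  vault kv put "$KV_PATH" username=tfuser password=constructed-sample
  vault auth enable approle || true   # already enabled on a re-run
  render_policy "$(kv2_data_path "$KV_PATH")" | vault policy write "$POLICY_NAME" -
  vault write "auth/approle/role/$ROLE_NAME" \
    token_policies="$POLICY_NAME" \
    token_ttl=1h token_max_ttl=4h \
    secret_id_ttl=10m secret_id_num_uses=1
}

# Operator side: role_id is the non-secret half; the secret_id is issued
# response-wrapped, so what travels to the client is a one-time wrapping token.
issue_credentials() {
  role_id=$(vault read -field=role_id "auth/approle/role/$ROLE_NAME/role-id")
  wrapping_token=$(vault write -f -wrap-ttl=5m -field=wrapping_token \
    "auth/approle/role/$ROLE_NAME/secret-id")
  printf 'role_id=%s\nwrapping_token=%s\n' "$role_id" "$wrapping_token"
}

# Client side (what Terraform or Ansible does internally): unwrap the secret_id,
# log in, read the secret, and confirm the token is read-only on that path.
consume() {
  secret_id=$(vault unwrap -field=secret_id "$2")
  app_token=$(vault write -field=token auth/approle/login role_id="$1" secret_id="$secret_id")
  VAULT_TOKEN=$app_token vault kv get -field=password "$KV_PATH"
  if VAULT_TOKEN=$app_token vault kv put "$KV_PATH" password=changed >/dev/null 2>&1; then
    echo "policy is too broad: the app token could write" >&2
    return 1
  fi
}

case "${1:-}" in
  setup)   setup ;;
  issue)   issue_credentials ;;
  consume) consume "$2" "$3" ;;
esac
```

Run `sh approle.sh setup` once as the operator, then `sh approle.sh issue` and pass the printed `role_id` and `wrapping_token` to the client, which runs `sh approle.sh consume <role_id> <wrapping_token>`. Terraform's `vault` provider accepts the same `role_id` and `secret_id` in its `auth_login` block against `auth/approle/login`, and Ansible's `community.hashi_vault` collection takes them with `auth_method: approle`. Two caveats worth keeping in mind: a secret_id with `secret_id_num_uses=1` is consumed by the first login, so issue a fresh one per run, and anything Terraform reads from Vault through a data source ends up in plaintext in its state file, so protect the state as you would the secret.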
### 7. Create Roles Using the CLI
AppRole roles are not managed from the Vault UI, so use the Vault CLI for this:
1. **Enable AppRole Authentication**:
```bash
vault auth enable approle
```
2. **Create a Policy**:
Create a policy that grants the AppRole only the paths it needs (least privilege), not `*`:
```bash
vault policy write terraform - <