Spectre (CVE-2017-5753 and CVE-2017-5715) and Meltdown (CVE-2017-5754) are exploits in CPU architecture allowing attackers access to protected memory they should not have access to. Spectre affects all CPU vendors, while Meltdown is specific to Intel chips. More details below. Lucky for you, there are patches available to remediate or work around the issue. The downside is …
Security
Managing Vault Tokens – Hashicorp Vault
The default authentication method in Vault is Tokens. Anytime you authenticate, regardless of the method, Vault is creating a token, storing it somewhere, then using it for future interactions. This article will discuss the process for managing your Vault tokens using the vault CLI. Authentication using a token: When you first install Vault, you will …
Hashicorp Vault – Creating a new root Token
The best practices for Hashicorp Vault are to destroy your default root token after you have finished the initial setup of Vault. However, you will still find times when you need a new root token for certain advanced functions. This article describes how to create a new root token using your vault unseal keys. Instructions …
Hashicorp Vault – Configure Authentication
There are many authentication methods for Vault. This article describes how to configure LDAP authentication and Userpass authentication. LDAP Authentication: The following command will configure LDAP to point at a domain controller named mydomaincontroller.mydomain.com. It will then search the search base for groups to the top of the mydomain.com domain: vault write auth/ldap/config url="ldap://mydomaincontroller.mydomain.com:389" userattr=sAMAccountName userdn="dc=mydomain,dc=com" …
Hashicorp Vault – Rekey or Unseal Vault
After the Hashicorp Vault service has been restarted, the password vault is in a sealed state. This means that the encryption keys are not in memory, and the encrypted database on the disk cannot be read. More on this topic can be read here: https://www.vaultproject.io/docs/concepts/seal.html This article will discuss the process for unsealing and re-keying …
Hashicorp Vault – Reading and Writing Secrets to Vault
This article will describe how to read and write secrets to Vault using the vault CLI and CURL. These instructions assume you are on either Linux or Mac OSX. Later we will add instructions for Windows. That said, most of the Vault CLI commands should work fine on Windows as well. Before you can …
Hashicorp Vault – Install Client CLI and GUI
Hashicorp Vault has a variety of ways to access it. You can access it via a CLI client, via the REST API/CURL, and via a third-party GUI client. This article will discuss how to set up the CLI and one of the third-party GUIs available on GitHub. Installing the CLI Client: Vault has …