Questions about Hashicorp's Vault tool for managing secrets
Questions tagged [vault]
52 questions
14
votes
3 answers
HAproxy health check for https backend
I have an haproxy configuration that works perfectly for the vault server in the backend with an http configuration, and it load balances based on the unsealed and active vault server using the 200 OK code. This works for http. But we make everything to be https (tls)…
Jayabalan Bala
- 331
14
votes
2 answers
Net bind capability with systemd
I am deploying Goldfish, an interface for Vault, in production on a server dedicated to secrets management. So security is of prime concern here.
I am trying to deploy the service with systemd on an Ubuntu 16.04 system, giving it the least possible…
Macfli
- 141
3
votes
1 answer
Hashicorp Vault - Policy restricting one specific sub node in a path
I have a Hashicorp Vault server configured and everything is running great, except for my "deny" policies.
I have a 2 level grouping for the majority of secrets, so they follow the structure of:
secret/client/environment/*
Not all secrets follow…
PhilHalf
- 71
3
votes
3 answers
Securing SSL certificate private key with nginx
I've been researching how to secure private keys for SSL certificates using nginx as a webserver, but have not been able to find many satisfactory answers.
Specifically, for a client who wants me to deploy a website under their own sub-domain,…
Buno
- 185
2
votes
1 answer
Vault - generate secret without revealing it?
With Hashicorp's Vault, is it possible to generate a secret without revealing that secret to the user who generated it?
Along the lines of:
vault generate secret/my/awesome/secret 32
Where it would generate a string of 32 random characters, will…
Jeff Welling
- 442
2
votes
0 answers
Can consul-template fetch Vault servers from consul?
I would like to integrate HashiCorp vault into our current setup of consul + consul-template and was a bit surprised to find no option for consul-template to fetch the vault servers from consul's service discovery.
This is the configuration doc…
Michuelnik
- 3,558
2
votes
1 answer
HashiCorp Vault - Superusers
I have set up HashiCorp vault in our environment with ldap/active directory and the ssh secrets engine, providing users with a signed cert to access Linux servers.
I've set up some AD groups, for example:
Access - SSH Admin Standard # Gives access…
gclark18
- 123
2
votes
1 answer
How to generate Kubernetes credentials from Vault hosted in another k8S cluster?
I have a unique Hashicorp Vault service running in a Kubernetes cluster.
I would like to be able to use Vault to create K8S serviceAccount tokens for several Kubernetes clusters. The Kubernetes Secret Engine seems to be a good way to do it on one…
Orabîg
- 259
2
votes
1 answer
What server address do I have to use in the vault issuer configuration file?
I defined and applied a ServiceAccount "service-account-token": Vault-Config/service-account-token.yaml:
apiVersion: v1
kind: ServiceAccount
metadata:
name: service-account-token
automountServiceAccountToken:…
Raphael10
- 219
2
votes
2 answers
How to set up Hashicorp Vault Enterprise Secrets Sync with GitHub Enterprise
I am trying to configure the Hashicorp Vault Enterprise Secrets Sync functionality with a GitHub Enterprise instance. However, I do not see a field to configure the base URL of GitHub. It seems to default to github.com, or that's the only…
wsams
- 161
2
votes
1 answer
Windows Hashicorp Vault client - any way to use TLS certs using secure OS features?
Right now, if I want to use a TLS certificate to authenticate to Vault, I need to have a file with the certificate, and a file with the private key, on my client's filesystem.
On Windows, I'm able to use the OS to store certificates and private keys…
mfinni
- 36,892
2
votes
1 answer
Login to HashiCorp Vault with Kubernetes Auth from Pod with Vault CLI
TL;DR: What is the proper way to log in from the Vault CLI in a Kubernetes Pod using the Kubernetes Auth Method?
I want to create regular snapshots from my HashiCorp Vault raft storage. So I created a Kubernetes CronJob running the same image as my Vault…
Max N.
- 161
- 1
- 5
2
votes
1 answer
hashicorp vault - load pre-existing CA certificate into PKI engine
I'm looking to migrate a process that generates client certificates from a custom root CA into hashicorp vault.
The root is already trusted by a lot of applications, so I'd like to import it (or an intermediate) into vault and emit the client…
André Fernandes
- 1,019
2
votes
2 answers
How to run Hashicorp Vault as a service on CentOS in production
I'm running the latest CentOS and I need Hashicorp Vault 1.6.3 to run as a service. I'm currently using the kv/secret background, so I can use
vault kv put secret/test/hello foo=bar
In order to store secrets. When running vault as a server, it…
farslayer9
- 29
- 1
- 2
2
votes
2 answers
OCSP setup for Vault
I have a vault setup running in a container for the PKI Secrets Engine and would like to add OCSP support for applications to check if a certificate is not revoked. I didn't find any explanation on how to set up OCSP for vault, and also no clear information in any…
rp346
- 101
- 2
- 5
- 19