Vault agent¶
Use case¶
Because installing the vault agent just for the sake of it is useless, we are going to try to use the vault agent to dynamically get some consul ACL token so we can configure a local consul agent
This article will not cover the deployment of the consul server.
Required steps¶
- Install vault
- Prepare for a way for the vault to auth against your vault server instance
- Produce an
agent.hclconfiguration - Run vault in agent mode
Installing vault¶
Either download the binary from vault website or install hashicorp repository in your package manager. This blog will provide with all the information you need to set your system.
We'll follow Debian flavoured linux instructions.
-
Install the apt key
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - -
Add the repo
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"If you don't have
lsb_releaseon your system, issueapt install -y lsb-release. -
Update the
aptcache withapt update
Now you should be cleared to install vault with apt install -y vault
Vault agent authentication¶
Vault agent has several ways to establish a secure communication with its server instance. Because we run this in a private lab
we can't leverage any major cloud provider systems. We will go with classic AppRole