Vault servers are configured using a configuration file. Usually these configuration files are written in JSON or HCL (HashiCorp Configuration Language) format.
vault.hcl
storage "inmem" { }
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}
disable_mlock = true
Configuration files include different stanzas (backend, listener) and parameters (disable_mlock) to define configuration options.
A typical configuration file looks like the one below.
stanza "option" {
  param1 = value1
  .....
  paramN = valueN
}
stanza "option" {
  param1 = value1
  .....
  paramN = valueN
}
.....
.....
stanza "option" {
  param1 = value1
  .....
  paramN = valueN
}
param1 = value1
param2 = value2
How to start a server using a configuration file?
Command to run
vault server -config {configuration_file}
What are the different stanzas that I can specify in a configuration file?
a. listener stanza: This stanza configures the addresses and ports on which Vault will respond to requests.
Example
listener "tcp" {
  address = "127.0.0.1:8200"
}
b. seal stanza: The seal stanza configures the seal type to use for additional data protection.
Example
seal "alicloudkms" {
  region     = "us-east-1"
  access_key = "0wNEpMMlzy7szvai"
  secret_key = "PupkTg8jdmau1cXxYacgE736PJj4cA"
  kms_key_id = "08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4fb73"
}
c. storage stanza: Configures the storage backend.
Example
storage "file" {
  path = "/mnt/vault/data"
}
d. service_registration stanza: Configures Vault's mechanism for service registration.
Example
service_registration "consul" {
  address = "127.0.0.1:8500"
}
e. telemetry stanza: Specifies various configurations for Vault to publish metrics to upstream systems.
Example
telemetry {
  statsite_address = "statsite.company.local:8125"
}
You can enable the Vault UI by setting the property below in the configuration file.
ui = true
By default, the UI is disabled.
You can even specify cluster IP and port details in the Vault configuration file.
cluster_name = "my_cluster"
cluster_addr = "statsite.company.local:8125"
You can specify the log level.
log_level = "Trace"
log_level can be set to Trace, Debug, Error, Warn and Info.
You can specify the API address.
api_addr = "https://127.0.0.1:8555"
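A pre-deployment check for the settings shown above, as an added example that is not part of the original post or of Vault itself: it flags the development-only choices in the vault.hcl at the top of the page (in-memory storage, a listener on 0.0.0.0 with tls_disable, disable_mlock) and the cleartext access_key and secret_key in the seal stanza. The parser, the check names and the sample file are constructed for this illustration and cover only flat stanzas with one parameter per line.

```python
import re

# Constructed sample: the page's vault.hcl plus its seal stanza, with placeholder credentials.
SAMPLE = '''
storage "inmem" { }
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}
seal "alicloudkms" {
  region     = "us-east-1"
  access_key = "PLACEHOLDER-ACCESS-KEY"
  secret_key = "PLACEHOLDER-SECRET-KEY"
}
disable_mlock = true
'''

# Assumption: flat stanzas, one parameter per line, as in the page's examples.
STANZA = re.compile(r'^[ \t]*(\w+)[ \t]*(?:"([^"\n]*)")?[ \t]*\{([^{}]*)\}', re.M)
PARAM = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*"?([^"\n#]*?)"?[ \t]*$', re.M)

def parse(text):
    """Return ([(stanza, label, params)], top_level_params)."""
    stanzas = [(m[1], m[2], dict(PARAM.findall(m[3]))) for m in STANZA.finditer(text)]
    return stanzas, dict(PARAM.findall(STANZA.sub("", text)))

def lint(text):
    """Return (check_id, message) pairs for settings that should not reach production."""
    stanzas, top = parse(text)
    out = []
    for kind, label, p in stanzas:
        if kind == "listener" and p.get("tls_disable", "").lower() in ("1", "true"):
            out.append(("tls-disabled", "listener serves tokens and secrets over plaintext HTTP"))
        if kind == "listener" and p.get("address", "").startswith("0.0.0.0:"):
            out.append(("bind-all", "listener is reachable on every network interface"))
        if kind == "storage" and label == "inmem":
            out.append(("inmem-storage", "all data is lost when the process restarts"))
        if kind == "seal":
            out += [("seal-credential", f"{k} is stored in the config file in cleartext")
                    for k in ("access_key", "secret_key") if k in p]
    if top.get("disable_mlock", "").lower() == "true":
        out.append(("mlock-disabled", "process memory may be swapped to disk"))
    return out

if __name__ == "__main__":
    for check_id, message in lint(SAMPLE):
        print(f"{check_id}: {message}")
```

The alicloudkms seal also reads its credentials from the ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY environment variables, which keeps them out of the file.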