search

HashiCorp Key Vault access token

Please check below scenarios and choose the one suits your user case.

hashtag
Scenario-1: Existing Hashicorp vault service

  1. token for accessing the existing vault service. Please contact your vault admin for access token.

  2. vault service address of the existing vault service

  3. Complete `ddhub` secret engine creation. You can follow How to create ddhub secret engine step below to do that.

hashtag
Scenario-2: Deploy new HashiCorp vault service and obtain token - run a single container

Please follow below steps to run HashiCorp vault service in a docker container.

In a terminal:

  1. Clone git repository ddhub-client-gatewayarrow-up-right

    git clone https://github.com/energywebfoundation/ddhub-client-gateway.git

  2. Change directory to example directory

    cd ddhub-client-gateway && cd get-started

  3. Start the vault service

    docker compose up vault_demo

  4. You should have the vault service and UI available at port 8200.

  5. On a web browser, enter http://127.0.0.1:8200/ui in the address bar. Follow https://learn.hashicorp.com/tutorials/vault/getting-started-ui?in=vault/getting-started#start-web-uiarrow-up-right starting from step 5. Then, you should have the root_token. The vault server address is http://localhost:8200

  6. Complete `ddhub` secret engine creation. You can follow How to create ddhub secret engine step below to do that.

hashtag
Scenario-3: Deploy new HashiCorp vault service and obtain token - Kubernetes

Please follow the steps below:

  1. Follow Helm chart | Vault | HashiCorp Developerarrow-up-right to deploy a HashiCorp vault service in kubernetes.

  2. Once your vault service is up and running, on a web browser, enter http(s)://YOUR_VAULT_ADDRESS/ui in the address bar. Follow https://learn.hashicorp.com/tutorials/vault/getting-started-ui?in=vault/getting-started#start-web-uiarrow-up-right starting from step 5. Then, you should have the root_token. The vault server address is http://YOUR_VAULT_ADDRESSarrow-up-right

  3. Complete `ddhub` secret engine creation. You can follow How to create ddhub secret engine step below to do that.

hashtag
Creating the ddhub secret engine

ddhub secret engine name needs to align with the value for `SECRET_PREFIX`

There are two options in creating the secret engine:

  1. Creating from CLI Command

  2. Creating from UI

hashtag
Creating the ddhub secret engine from CLI command

Use the following CLI command to create the ddhub secret engine:

vault secrets enable -version=1 -path=ddhub -address="http://127.0.0.1:8200" kv

hashtag
Creating the ddhub secret engine from UI

Below guide is based on vault UI which is accessible at local port 8200. Please follow your vault service’s UI address.

1. Visit the vault service UI at http://localhost:8200arrow-up-right. Key in your token and below screen will be displayed.

2. Click on Enable new engine button and select KV from the list of generic secrets engine options.

3. Click on Next button. Put ddhub as value on Path field and expand the method options, select Version 1.

4. Scroll down and click on Enable the engine button. Finally, on the secret page, the new ddhub secret engine is created and listed as illustrated below.

hashtag
HashiCorp References

PreviousAWS Secrets Manager access credentialsNextInbound and Outbound Connections

Last updated