Vault

Introduction

Warning

IN BETA RELEASE, CHANGES IN IMPLEMENTATION MAY YET COME IN FURTHER RELEASES

What is Vault?

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing.

What is it used for?

It is currently used in the Genvid Stack as a secure Key/Value store and as a way of securing access to that Key/Value store for Genvid services.

How do you store custom secrets in the Vault?

Custom secrets can be imported into the Vault through the stream.hcl file that is used to define a project. We support a new secrets structure that is imported into the Vault when the project is imported.

Here is an example of the secrets structure in stream.hcl:

secrets {
  disco {
    GENVID_DISCO_SECRET = "secrettochange"
  }
  command {
    GENVID_COMMAND_SECRET = "anothersecret"
  }
}

This is translated into the following keys in the Vault key/value store:

secret/disco/GENVID_DISCO_SECRET="secrettochange"
secret/command/GENVID_COMMAND_SECRET="anothersecret"

Troubleshooting Vault

Is the Vault process started?

You can use the command line tools to check the process status with:

py local.py status

This returns either "vault is not started" or "vault.exe running", depending on the status of the Vault process.

How to check if the Vault is unsealed and ready to process requests?

You can also check the status of the Vault service through the Consul-UI web interface. You can open it automatically with the command:

py local.py open consul-ui

You can then click on the Services section and click on the Vault service, which displays the Vault health checks on the right side of the window.

The second check “Vault Sealed Status” is the interesting one as it checks if the Vault is unsealed and able to process requests. The check is green if the Vault is unsealed and orange and in critical state if it is sealed or unavailable. If you click on the name of the check, you can get more information about the result of the check.

If the Vault service is not available on the left side, it means that there was an issue in the setup of Vault, as it could not register into Consul.

How to interact with the Vault manually?

Once the environment has been set up properly, you can retrieve the information needed to interact with the Vault manually with the command:

py local.py env

The values you are interested in are VAULT_ADDR, VAULT_KEYS, VAULT_TOKEN. Please note that these values are only accessible in the local mode right now.
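With VAULT_ADDR from the command above, the sealed status shown in Consul-UI can also be checked directly against Vault's HTTP API. The script below is an added example, not Genvid's own health check: it assumes Vault's standard /v1/sys/seal-status endpoint, falls back to the assumed default address http://127.0.0.1:8200 when VAULT_ADDR is not set, and uses constructed sample responses.

```python
import json
import os
import urllib.request


def classify_seal_status(payload):
    """Map a seal-status JSON body to (state, detail), failing closed."""
    if not isinstance(payload, dict) or "sealed" not in payload:
        return "critical", "unexpected response from Vault"
    if not payload.get("initialized", True):
        return "critical", "Vault is not initialized"
    if payload["sealed"]:
        detail = "Vault is sealed (unseal progress {}/{})".format(
            payload.get("progress", 0), payload.get("t", "?"))
        return "critical", detail
    return "passing", "Vault is unsealed"


def check_vault(addr, timeout=3.0):
    """Query seal status; any network, HTTP or parsing failure is critical."""
    url = addr.rstrip("/") + "/v1/sys/seal-status"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            payload = json.load(resp)
    except (OSError, ValueError) as exc:  # URLError/HTTPError are OSError
        return "critical", "Vault unavailable: {}".format(exc)
    return classify_seal_status(payload)


# Constructed sample responses (not captured from a real Vault).
SAMPLE_UNSEALED = {"initialized": True, "sealed": False,
                   "t": 1, "n": 1, "progress": 0}
SAMPLE_SEALED = {"initialized": True, "sealed": True,
                 "t": 3, "n": 5, "progress": 1}

if __name__ == "__main__":
    # Assumption: VAULT_ADDR was exported from the output of "py local.py env".
    addr = os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200")
    state, detail = check_vault(addr)
    print(state, "-", detail)
    raise SystemExit(0 if state == "passing" else 2)
```

The seal-status endpoint does not need VAULT_TOKEN, so the script can run without handling any secret values.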