HashiCorp Vault 1.8.2 with Yandex KMS support
HashiCorp Vault is an open source tool for securely storing and accessing secrets (for example, passwords, certificates, and tokens). The image contains a pre-installed build of HashiCorp Vault with added support for Auto Unseal via Yandex Key Management Service. The build is based on HashiCorp Vault 1.8.2.
How to deploy
- Open HashiCorp Vault with Yandex KMS support in the Yandex.Cloud marketplace.
- Click Run in console and create a VM. In the VM settings, specify a service account if you are going to use Auto Unseal using Yandex Key Management Service.
By default, HashiCorp Vault uses Filesystem Storage Backend, listens on 127.0.0.1:8200 with TLS disabled, and is not available from outside the VM. We recommend that you edit the
/etc/vault.d/vault.hcl configuration file and set up Auto Unseal using Yandex Key Management Service.
After editing the configuration file, restart HashiCorp Vault:
sudo systemctl restart vault
- Secure secrets storage.
- Managing access to secrets.