HashiCorp Vault is an open source tool for securely storing and accessing secrets (for example, passwords, certificates, and tokens).
The image contains a pre-installed build of HashiCorp Vault with added support for Auto Unseal via Yandex Key Management Service. The build is based on HashiCorp Vault 1.17.2.
- Open HashiCorp Vault with Yandex KMS support in the Yandex Cloud marketplace.
- Click Run in console and create a VM. In the VM settings, specify a service account if you are going to use Auto Unseal using Yandex Key Management Service.
By default, HashiCorp Vault uses Filesystem Storage Backend, listens on 127.0.0.1:8200 with TLS disabled, and is not available from outside the VM. We recommend that you edit the /etc/vault.d/vault.hcl
configuration file and set up Auto Unseal using Yandex Key Management Service.
After editing the configuration file, restart HashiCorp Vault:
sudo systemctl restart vault
Yandex Cloud technical support responds to requests 24 hours a day, 7 days a week. The response time depends on your service plan. Learn More. You may also consult community resources.