Ever needed to spin up a quick Vault cluster to test commands or functionality? Sure, you could spin up minikube and deploy a Helm chart, but what if you could do it even faster, without Kubernetes?
Vault actually has some *currently* undocumented command-line options that can save you a ton of time. Read on, brother.
I debated on even writing a post about it because it’s so simple. It’s literally a command-line flag: `-dev-three-node`. Below, I’m redirecting `STDERR` to `STDOUT` and redirecting to a file called `output`, if you’re not a Linux fan.

```
$ vault server -dev-three-node -dev-root-token-id="root" > output 2>&1 &
```
I redirect to a file because the output is too fast to catch the needed info. Let’s use `head` to see the useful bits.

```
$ head -30 output
==> Vault server configuration:

Cgo: disabled
Cluster Parameters Path: /tmp/vault-test-cluster-282710121
Go Version: go1.16.12
Log Level: info
Node 0 Api Address: https://127.0.0.1:8200
Node 1 Api Address: https://127.0.0.1:8201
Node 2 Api Address: https://127.0.0.1:8202
Version: Vault v1.7.9
Version Sha: 571cd46419fe273d75de1e0d5aa46af60a222961

==> Three node dev mode is enabled

The unseal key and root token are reproduced below in case you
want to seal/unseal the Vault or play with authentication.

Unseal Key 1: +V7oGQ/q3lHGgWoVjRgKxS0OLUs9KZs8aDppOMWcYDFj
Unseal Key 2: ZlmQLgpPohGOAb7m1XUfikiHSneei+AFIwxyqmkNAq5H
Unseal Key 3: tHr08qqUd7GAtcfY+ynqo6+Go2vovj1wbdGIQtSWJ/r0
Root Token: root

Useful env vars:
VAULT_TOKEN=root
VAULT_ADDR=https://127.0.0.1:8200
VAULT_CACERT=/tmp/vault-test-cluster-282710121/ca_cert.pem

==> Vault server started! Log data will stream in below:
```
Alrighty, let’s just export those variables and we can begin using our cluster!

```
$ export VAULT_TOKEN=root
$ export VAULT_ADDR=https://127.0.0.1:8200
$ export VAULT_CACERT=/tmp/vault-test-cluster-282710121/ca_cert.pem
```
Ok, let’s make sure Vault is on the same page as us by checking its status.

```
$ vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    3
Threshold       3
Version         1.7.9
Storage Type    n/a
Cluster Name    vault-cluster-7a71b0b6
Cluster ID      75e763bc-78f1-9783-8cc4-505a5a5861d9
HA Enabled      true
HA Cluster      https://127.0.0.1:45555
HA Mode         active
Active Since    2022-03-09T02:12:27.947440981Z
$
```
Looks good! We can now start testing whatever we need. In future posts, we’ll explore more of the cluster and play with some of the available vault secrets engines.
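
The `VAULT_CACERT` path above points into a temporary cluster directory, so it has to be re-read from the captured output on each run. As an added example (not from the original post), this POSIX shell function pulls the three variables out of the capture file and refuses an address that is not on loopback; the function name `vault_dev_env`, its checks and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. The function name, its
# checks and the sample values below are this example's own.
# Typical use after starting the cluster: eval "$(vault_dev_env output)"

# Print export lines for the three variables in the "Useful env vars"
# block, or print nothing and return non-zero if the capture looks wrong.
vault_dev_env() (
    [ -r "$1" ] || { echo "cannot read $1" >&2; exit 1; }
    # Trim each line and keep only the three assignments Vault prints.
    found=$(awk '{ sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
                 /^VAULT_(TOKEN|ADDR|CACERT)=/' "$1")
    out='' seen='' count=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        name=${line%%=*} value=${line#*=}
        # Values end up inside single quotes, so reject empty or quoted ones.
        case $value in
            ''|*"'"*) echo "bad value for $name" >&2; exit 1 ;;
        esac
        if [ "$name" = VAULT_ADDR ]; then
            # Dev nodes listen on loopback; refuse anything else so the
            # root token is never sent to another host.
            port=${value#https://127.0.0.1:}
            case $port in
                "$value"|''|*[!0-9]*) echo "unexpected address" >&2; exit 1 ;;
            esac
        fi
        case " $seen " in
            *" $name "*) echo "duplicate $name" >&2; exit 1 ;;
        esac
        seen="$seen $name" count=$((count + 1))
        out="${out}export $name='$value'
"
    done <<EOF
$found
EOF
    [ "$count" -eq 3 ] || { echo "incomplete env block" >&2; exit 1; }
    printf '%s' "$out"
)

# Constructed sample of the captured output (made-up values).
sample=$(mktemp)
printf '%s\n' 'Useful env vars:' '    VAULT_TOKEN=root' \
    '    VAULT_ADDR=https://127.0.0.1:8200' \
    '    VAULT_CACERT=/tmp/vault-test-cluster-EXAMPLE/ca_cert.pem' > "$sample"
vault_dev_env "$sample"
```

Because the exports are printed only after every check passes, a failed parse leaves the current shell's environment untouched when the result is passed to `eval`.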