Ever needed to spin-up a quick Vault cluster to test commands or functionality? Sure, you could spin up
minikube and deploy a helm chart, but what if you could do it even faster, without Kubernetes?
Vault actually has some *currently* undocumented command-line options that can save you a ton of time. Read on, brother.
I debated on even writing a post about it because it’s so simple. It’s literally a command-line flag
-dev-three-node . Below, I’m redirecting
STDOUT and redirecting to a file called
output, if you’re not a Linux fan.
$ vault server -dev-three-node -dev-root-token-id="root" > output 2>&1 &
I redirect to a file because the output is too fast to catch the needed info. Let’s use
head to see the useful bits.
$ head -30 output ==> Vault server configuration: Cgo: disabled Cluster Parameters Path: /tmp/vault-test-cluster-282710121 Go Version: go1.16.12 Log Level: info Node 0 Api Address: https://127.0.0.1:8200 Node 1 Api Address: https://127.0.0.1:8201 Node 2 Api Address: https://127.0.0.1:8202 Version: Vault v1.7.9 Version Sha: 571cd46419fe273d75de1e0d5aa46af60a222961 ==> Three node dev mode is enabled The unseal key and root token are reproduced below in case you want to seal/unseal the Vault or play with authentication. Unseal Key 1: +V7oGQ/q3lHGgWoVjRgKxS0OLUs9KZs8aDppOMWcYDFj Unseal Key 2: ZlmQLgpPohGOAb7m1XUfikiHSneei+AFIwxyqmkNAq5H Unseal Key 3: tHr08qqUd7GAtcfY+ynqo6+Go2vovj1wbdGIQtSWJ/r0 Root Token: root Useful env vars: VAULT_TOKEN=root VAULT_ADDR=https://127.0.0.1:8200 VAULT_CACERT=/tmp/vault-test-cluster-282710121/ca_cert.pem ==> Vault server started! Log data will stream in below:
Alrighty, let’s just export those variables and we can begin using our cluster!
$ export VAULT_TOKEN=root $ export VAULT_ADDR=https://127.0.0.1:8200 $ export VAULT_CACERT=/tmp/vault-test-cluster-282710121/ca_cert.pem
Ok, let’s make sure vault is on the same page as us by checking its status.
$ vault status Key Value --- ----- Seal Type shamir Initialized true Sealed false Total Shares 3 Threshold 3 Version 1.7.9 Storage Type n/a Cluster Name vault-cluster-7a71b0b6 Cluster ID 75e763bc-78f1-9783-8cc4-505a5a5861d9 HA Enabled true HA Cluster https://127.0.0.1:45555 HA Mode active Active Since 2022-03-09T02:12:27.947440981Z $
Looks good! We can now start testing whatever we need. In future posts, we’ll explore more of the cluster and play with some of the available vault secrets engines.