Initialization
- Initializing the vault prepares the backend storage to receive data
- Initialization is required only once per cluster and is performed through a single node
- Creates the master key, the key shares and the root token
- There are options to define key shares, threshold, recovery keys and encryption
Vault Configuration File
What is configured in the file?
- Storage backend
- Listener and ports
- TLS certificates
- Seal type
- Cluster name
- Log level
- UI
- Cluster IP and port
- Telemetry
What is not configured in the file?
- Secret engines
- Authentication methods
- Audit devices
- Policies
- Entities and groups
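A configuration file covering each item in the first list, as an added example that is not part of the original notes. The file paths, hostnames, node ID and KMS key ID are placeholders, and the choice of integrated storage (raft) with an AWS KMS seal is an assumption.

```hcl
# Example Vault server configuration (added example; all values are placeholders)

cluster_name = "vault-prod"   # Cluster name
log_level    = "info"         # Log level
ui           = true           # UI

# Addresses advertised to clients and to other cluster nodes (cluster IP and port)
api_addr     = "https://vault-1.example.internal:8200"
cluster_addr = "https://vault-1.example.internal:8201"

# Storage backend: integrated storage, assumed here
storage "raft" {
  path    = "/opt/vault/data"
  node_id = "vault-1"
}

# Listener and ports, with TLS certificates
listener "tcp" {
  address         = "0.0.0.0:8200"
  cluster_address = "0.0.0.0:8201"
  tls_cert_file   = "/etc/vault.d/tls/vault.crt"
  tls_key_file    = "/etc/vault.d/tls/vault.key"
  tls_min_version = "tls12"
}

# Seal type: auto-unseal through a cloud KMS, assumed here.
# Without a seal stanza Vault uses the default Shamir seal.
seal "awskms" {
  region     = "us-east-1"
  kms_key_id = "REPLACE-WITH-KMS-KEY-ID"
}

# Telemetry
telemetry {
  prometheus_retention_time = "30s"
  disable_hostname          = true
}

# Secret engines, auth methods, audit devices, policies, entities and groups
# have no stanza here: they are created through the CLI or API after the
# node is initialized and unsealed, and are stored in the storage backend.
```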
| Command | Effect |
|---|---|
| vault server -config PATH | Specify the Vault configuration file when starting Vault |
- Use Vault dev mode for testing Vault functionality locally; it keeps data in memory, not in a storage backend
Vault Server in Production Mode
- Deploy one or more persistent nodes
- Use a storage backend that meets requirements
- Multiple nodes configured to create a cluster
- Deploy close to the applications
- Automated provisioning of vault and secrets