- Create a /etc/vault/config.hcl file and add the contents as shown below:
# vi /etc/vault/config.hcl
# press i, then paste the contents shown below:
# Enable Vault UI
ui = true
Update the slot number and slot PIN according to your setup.
- Create a vault file /etc/sysconfig/vault and copy the contents from /etc/profile.d/vault.sh.
# cp /etc/profile.d/vault.sh /etc/sysconfig/vault
- Create a /etc/systemd/system/vault.service file and add the following information to the file.
# vi /etc/systemd/system/vault.service
[Unit]
Description="HashiCorp Vault"
Requires=network-online.target
After=network-online.target
ConditionFileNotEmpty=/etc/vault/config.hcl

[Service]
User=vault
Group=vault
EnvironmentFile=/etc/sysconfig/vault
ExecStart=/usr/local/bin/vault server -config=/etc/vault/config.hcl
# A file target needs the file: prefix (systemd 236 or later)
StandardOutput=file:/opt/vault/logs/output.log
StandardError=file:/opt/vault/logs/error.log
ExecReload=/bin/kill --signal HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=5
TimeoutStopSec=30
StartLimitInterval=60
StartLimitBurst=3
AmbientCapabilities=CAP_IPC_LOCK
LimitNOFILE=65536
LimitMEMLOCK=infinity

[Install]
WantedBy=multi-user.target
If deploying on a server with more than two CPUs, you may increase the value of Environment=GOMAXPROCS accordingly.
- If you are setting paths other than the default, you must also edit the following lines in the configuration file.
ConditionFileNotEmpty=/etc/vault/config.hcl
EnvironmentFile=-/etc/sysconfig/vault
ExecStart=/opt/vault/bin/vault server -config=/etc/vault/config.hcl
StandardOutput=file:/opt/vault/logs/output.log
StandardError=file:/opt/vault/logs/error.log
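
A consistency check for the unit file, as an added example that is not part of the original page: it extracts every path the unit names (the lines listed above for non-default locations), reports any that do not exist, and flags a config.hcl readable by other users, since that file holds the slot PIN. The function names and the temporary demo tree are constructed for illustration, and `stat -c` assumes GNU coreutils.

```shell
# Added example: print "Directive path" for every unit directive naming a file.
unit_paths() {
  awk -F= '
    /^(ConditionFileNotEmpty|EnvironmentFile|StandardOutput|StandardError)=/ {
      p = substr($0, length($1) + 2)
      sub(/^-/, "", p); sub(/^(file|append):/, "", p)  # optional prefixes
      print $1, p
    }
    /^ExecStart=/ {
      n = split(substr($0, 11), w, " ")
      print "ExecStart", w[1]
      for (i = 2; i <= n; i++) if (w[i] ~ /^-config=/) print "-config", substr(w[i], 9)
    }' "$1"
}

# Report missing paths and a config file readable by "other" (it holds the
# slot PIN). The return status is the number of problems found.
check_unit() {
  problems=0
  while read -r directive path; do
    [ -n "$directive" ] || continue
    # Log files are created at start, so check their directory instead.
    case $directive in
      StandardOutput|StandardError) path=$(dirname "$path") ;;
    esac
    if [ ! -e "$path" ]; then
      echo "MISSING $directive -> $path"; problems=$((problems + 1))
    elif [ "$directive" = "-config" ]; then
      mode=$(stat -c %a "$path")  # GNU stat: octal permission bits
      case $mode in
        *[1-7]) echo "EXPOSED $path mode $mode"; problems=$((problems + 1)) ;;
      esac
    fi
  done <<EOF
$(unit_paths "$1")
EOF
  return "$problems"
}

# Constructed sample: a throwaway tree standing in for the real paths.
demo() {
  d=$(mktemp -d); mkdir "$d/logs"; : > "$d/vault"
  echo 'ui = true' > "$d/config.hcl"; chmod 644 "$d/config.hcl"
  printf '%s\n' "EnvironmentFile=-$d/sysconfig" \
    "ExecStart=$d/vault server -config=$d/config.hcl" \
    "StandardOutput=file:$d/logs/output.log" > "$d/vault.service"
  check_unit "$d/vault.service"; rc=$?
  rm -rf "$d"; return "$rc"
}
demo || echo "problems found: $?"
```

On a real host, run `check_unit /etc/systemd/system/vault.service` as root after editing the unit and before starting the service.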