Utah Tech Podcast

This article is going to do a walkthrough of how to use Salt to configure Hashicorp Vault. It is going to also use Consul as a backend in this example.

This article assumes that you are familiar with the following:

• Salt
• Vault
• Consul

We are going to do the following things here:

1. Setup Vault (“not in a dev capacity”)
2. Setup Consul systemd unit
3. Setup Vault systemd unit
4. Setup basic Vault policies
5. Setup Salt to talk to Vault

Assumptions I am going to use in this example:

• CentOS Linux release 7.4
• Vault Version: 0.8.3
• Consul Version: 0.9.3

 

Lets get started…

So first I will create a path for the files: In my case it is:

 

In there, I create: consul-app and vault-app folders.

 

Vault Setup:

From there I setup an init.sls file with the following contents:

 

This is going to just be the starting place for the state file. I will be creating a install.sls file to perform the install.

We will need some vault policies, I have defined a generic on here as:

We will need the params file for all of the parameters that have been set:

And at last the pillar data…

Install this in your pillar for the env you are going to run it against(in my case “dev”).

 

 

Consul Setup:

This is a basic consul setup to be able to use Consul as the Vault backend.

With this setup you should have a very basic Vault setup. Beyond this you will need to add some k/v pairs and test out the commands from your salt-master.

An example is:

And dont forget to wire up the salt master for Vault:

https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.vault.html

Hopefully I have not missed anything, if I did please leave a comment and I will update the post.

 

Next up will be InfuxDB, Grafana, and Telegraf…