@TonyNguyen87
Last active March 9, 2020 12:49
Gist for setting up Vault server with Consul backend.
// Set up Ubuntu on an EC2 instance
// Install unzip.
sudo apt-get install unzip
// Download Vault and Consul (if necessary)
wget https://releases.hashicorp.com/vault/0.6.2/vault_0.6.2_linux_amd64.zip
wget https://releases.hashicorp.com/consul/0.7.0/consul_0.7.0_linux_amd64.zip
// Unzip Files.
unzip vault_0.6.2_linux_amd64.zip
unzip consul_0.7.0_linux_amd64.zip
// Set PATH in .profile so the unzipped binaries in $HOME are found
vim ~/.profile
export PATH="$HOME/:$PATH"
source ~/.profile
// Test to make sure Vault and Consul are working
vault
consul
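// Create HCL Vault configuration file
vim config.hcl
backend "consul" {
  address = "127.0.0.1:8500"
  path = "vault"
}
// tls_disable = 1 serves the API over plain HTTP, and 0.0.0.0 binds every interface:
// tokens and unseal keys cross the network unencrypted, so limit port 8200 in the
// EC2 security group or configure TLS on the listener.
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = 1
}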
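// Set environment variable for Vault address (http:// because TLS is disabled in the listener)
export VAULT_ADDR=http://127.0.0.1:8200
// Start Consul Backend Server (runs in the foreground; use a separate terminal)
consul agent -server -bootstrap-expect 1 -data-dir /tmp/consul
// Start Vault Server with the configuration file created above
vault server -config=config.hcl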
// Check Vault status
vault status
// Response should say the server is not yet initialized. Initialize it.
vault init
**Save the keys and token somewhere safe. This will be the only time you will see them all together.**
// Unseal the Vault server: run vault unseal 3 times, each time with a different one of the 5 keys (any 3).
vault unseal
Paste key
vault unseal
Paste key
etc.
// Test server connection
curl -X PUT -d "{\"secret_shares\":1, \"secret_threshold\":1}" http://(insert ip):8200/v1/sys/init | json_pp
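// Added example, not part of the original gist: a check to run on config.hcl before starting the server, which flags any listener "tcp" block that disables TLS on a non-loopback address. The function name check_vault_listener is hypothetical, and the check assumes one key = value pair per line, as in the config above.

```shell
#!/bin/sh
# Added example (not from the gist). check_vault_listener is a hypothetical helper name.
# Prints one line per listener "tcp" block that disables TLS on a non-loopback
# address; returns 1 if any were found, 0 otherwise. Reads files given as
# arguments, or stdin when called without arguments.
check_vault_listener() {
    awk '
    function report() {
        if (!in_l) return
        plaintext = (tls == "1" || tls == "true")
        loopback  = (addr ~ /^(127\.|localhost:|\[::1\])/)
        if (plaintext && !loopback) {
            printf "listener %s: tls_disable set on non-loopback address\n", addr
            bad = 1
        }
        in_l = 0
    }
    /^[ \t]*(#|\/\/)/ { next }                     # skip comment lines
    # New listener block: start from Vault defaults (loopback address, TLS on).
    /^[ \t]*listener[ \t]+"tcp"/ { in_l = 1; addr = "127.0.0.1:8200"; tls = "0"; next }
    in_l && /^[ \t]*[}]/ { report(); next }        # end of the listener block
    in_l && /=/ {
        key = $0; sub(/[ \t]*=.*/, "", key); gsub(/[ \t]/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/[" \t]/, "", val)
        if (key == "address") addr = val
        if (key == "tls_disable") tls = val
    }
    END { report(); exit bad + 0 }
    ' "$@"
}

# Constructed sample: the listener block from the config above.
check_vault_listener <<'EOF' || echo "restrict port 8200 or configure TLS before use"
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = 1
}
EOF
```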