UbuntuEvangelist/vault.sh

## vault.sh
wget https://github.com/hashicorp/vault/archive/v1.2.4.zip
unzip v1.2.4.zip
sudo cp -r vault /usr/bin/
sudo mkdir /etc/vault
sudo mkdir /opt/vault-data
sudo mkdir -p /logs/vault/
sudo nano /etc/vault/config.json

# input it and save

{
  "listener": [{
    "tcp": {
      "address" : "0.0.0.0:8200",
      "tls_disable" : 1
    }
  }],
  "api_addr": "http://10.128.0.2:8200",
  "storage": {
     "file": {
       "path" : "/opt/vault/data"
     }
  },
  "max_lease_ttl": "10h",
  "default_lease_ttl": "10h",
  "ui":true
 }


sudo nano /etc/systemd/system/vault.service
# input it and save

[Unit]
Description="HashiCorp Vault - A tool for managing secrets"
Documentation=https://www.vaultproject.io/docs/
Requires=network-online.target
After=network-online.target
ConditionFileNotEmpty=/etc/vault.d/vault.hcl
StartLimitIntervalSec=60
StartLimitBurst=3

[Service]
User=vault
Group=vault
ProtectSystem=full
ProtectHome=read-only
PrivateTmp=yes
PrivateDevices=yes
SecureBits=keep-caps
AmbientCapabilities=CAP_IPC_LOCK
Capabilities=CAP_IPC_LOCK+ep
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
NoNewPrivileges=yes
ExecStart=/usr/local/bin/vault server -config=/etc/vault.d/vault.hcl
ExecReload=/bin/kill --signal HUP $MAINPID
KillMode=process
KillSignal=SIGINT
Restart=on-failure
RestartSec=5
TimeoutStopSec=30
StartLimitInterval=60
StartLimitIntervalSec=60
StartLimitBurst=3
LimitNOFILE=65536
LimitMEMLOCK=infinity

[Install]
WantedBy=multi-user.target

sudo systemctl start vault.service
sudo systemctl status vault.service
	wget https://github.com/hashicorp/vault/archive/v1.2.4.zip
	unzip v1.2.4.zip
	sudo cp -r vault /usr/bin/
	sudo mkdir /etc/vault
	sudo mkdir /opt/vault-data
	sudo mkdir -p /logs/vault/
	sudo nano /etc/vault/config.json

	# input it and save

	{
	"listener": [{
	"tcp": {
	"address" : "0.0.0.0:8200",
	"tls_disable" : 1
	}
	}],
	"api_addr": "http://10.128.0.2:8200",
	"storage": {
	"file": {
	"path" : "/opt/vault/data"
	}
	},
	"max_lease_ttl": "10h",
	"default_lease_ttl": "10h",
	"ui":true
	}


	sudo nano /etc/systemd/system/vault.service
	# input it and save

	[Unit]
	Description="HashiCorp Vault - A tool for managing secrets"
	Documentation=https://www.vaultproject.io/docs/
	Requires=network-online.target
	After=network-online.target
	ConditionFileNotEmpty=/etc/vault.d/vault.hcl
	StartLimitIntervalSec=60
	StartLimitBurst=3

	[Service]
	User=vault
	Group=vault
	ProtectSystem=full
	ProtectHome=read-only
	PrivateTmp=yes
	PrivateDevices=yes
	SecureBits=keep-caps
	AmbientCapabilities=CAP_IPC_LOCK
	Capabilities=CAP_IPC_LOCK+ep
	CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
	NoNewPrivileges=yes
	ExecStart=/usr/local/bin/vault server -config=/etc/vault.d/vault.hcl
	ExecReload=/bin/kill --signal HUP $MAINPID
	KillMode=process
	KillSignal=SIGINT
	Restart=on-failure
	RestartSec=5
	TimeoutStopSec=30
	StartLimitInterval=60
	StartLimitIntervalSec=60
	StartLimitBurst=3
	LimitNOFILE=65536
	LimitMEMLOCK=infinity

	[Install]
	WantedBy=multi-user.target

	sudo systemctl start vault.service
	sudo systemctl status vault.service