@carljavier
Last active November 30, 2021 11:47
Hashicorp Vault Config - AWS
# Serve the Vault web UI from the listener configured in this file.
ui = true
# NOTE(review): "mlock" does not look like a Vault server option; the supported
# switch is disable_mlock below, so this commented-out line can probably go.
#mlock = true
# With mlock disabled Vault does not lock its memory, so the OS may page it to
# swap. HashiCorp recommends this setting with integrated (raft) storage; pair
# it with disabled or encrypted swap on the host so in-memory secrets do not
# reach disk in the clear.
disable_mlock = true
# Integrated (raft) storage: Vault keeps its data on local disk under `path`.
storage "raft" {
# Data directory. It holds the Vault data set, so restrict it to the account
# the Vault service runs as.
path = "/opt/vault/data"
# Peers to try when joining an existing cluster.
retry_join {
# Cloud auto-join: candidate peers are the EC2 instances in ap-southeast-2
# tagged App=vault. Discovery relies on the tag alone, so control who may set
# that tag; the instance role needs ec2:DescribeInstances for the lookup.
auto_join = "provider=aws region=ap-southeast-2 tag_key=App tag_value=vault"
# Name expected in the leader's certificate. Discovery yields addresses, not
# names, so TLS verification of the peer depends on this value.
# NOTE(review): ${SERVERNAME} looks like a template placeholder; confirm it is
# rendered before Vault reads the file.
leader_tls_servername = "${SERVERNAME}"
# CA certificate used to verify the leader during the join.
leader_ca_cert_file = "/opt/vault/tls/ca.cert"
}
}
# Address advertised to the other Vault nodes for server-to-server traffic
# (port 8201). {{GetPrivateIP}} is go-sockaddr template syntax, which Vault
# resolves to the host's private IP.
cluster_addr = "https://{{GetPrivateIP}}:8201"
# Address advertised to clients, e.g. for redirects to the active node.
# NOTE(review): ${SERVERNAME} looks like a template placeholder; confirm it is
# rendered before Vault reads the file and matches a name in tls.crt.
api_addr = "https://${SERVERNAME}:8200"
# HTTPS listener
listener "tcp" {
# Binds every interface on port 8200. Nothing in this file limits who can
# reach it, so restrict access at the network layer (security groups, host
# firewall).
address = "0.0.0.0:8200"
# Server certificate and private key for the listener. The key file should be
# readable only by the account the Vault service runs as.
tls_cert_file = "/opt/vault/tls/tls.crt"
tls_key_file = "/opt/vault/tls/tls.key"
# Vault does not request client certificates on this listener, so TLS
# client-certificate authentication cannot be used through it.
tls_disable_client_certs = "true"
}
# AWS KMS auto unseal
seal "awskms" {
# Region of the KMS key.
region = "ap-southeast-2"
# KMS key that protects Vault's root key. With auto-unseal, initialisation
# yields recovery keys instead of unseal key shares, and use of this key plus
# the storage data is enough to unseal. Scope the key policy to the Vault
# instance role (kms:Encrypt, kms:Decrypt, kms:DescribeKey) and log its use.
# NOTE(review): ${KMS_ARN} looks like a template placeholder; confirm it is
# rendered before Vault reads the file.
kms_key_id = "${KMS_ARN}"
}