Install HashiCorp Vault on Windows 11

Captions
We are going to install Vault from HashiCorp on Windows 11. Stick around until the end of the video and I'll give you a bonus tip to more securely store your secret data in the vault.

We'll install the free, open source version of the HashiCorp tool called Vault. Let's open a browser and search for HashiCorp Vault download. We'll click the first link that says install Vault. On the installation page we see the latest version is 1.13.3, and it's available for a variety of platforms including Windows, macOS, lots of flavors of Linux, and Unix. Nice to see you, Solaris. We'll be installing on Windows 11, so let's click the Windows link. I'm running a 64-bit version of Windows 11, so let's select the download AMD64 link.

Vault comes packaged as a zip file, which will end up in our downloads directory when it's finished. Let's click on the download and select show in folder. In our Explorer window, let's right click on the download and select Extract All... We'll accept the default destination and click extract. That will pop up a new Explorer window with the contents of the zip file uncompressed into a directory under the downloads folder. Surprisingly, the entire download consists of just a single executable file called vault. Let's move that over and then drill into our C drive, in the projects directory, and then in the other window let's go up one level until we see the uncompressed directory, and simply drag and drop that into our projects directory. If we go into the folder, we see our single file, vault.exe.

All right, let's close our Explorer windows and browser. Let's open a command window while cd-ing into the projects Vault directory we just created, and let's run the command vault space version, and we see that we have version 1.13.3 available to us. Believe it or not, it's installed, at least at a very basic level. We can add it to our executable path and do some other things, but for our purposes it's installed.

Let's see what commands are available to us by entering vault space server space dash help, and we see lots of different modes we can run the tool in. We're just setting it up for development use. This means all our secrets will be managed in memory, so when we shut the instance down, all our information will be lost. To start our server up in dev mode, we'll enter vault space server space dash dev, and we get a lot of information on the screen. The most important things we see are: Vault is unsealed. This means the Vault server has been initialized and unsealed, allowing access to its secrets. When in a sealed state, access to secrets is restricted. We also see successful mount, meaning the secrets engine has been configured and enabled for use. We see the warning about the fact that everything is in memory and will be lost. And finally, we see the VAULT_ADDR value and something called a root token. VAULT_ADDR is the address or URL of the Vault server. The root token is a highly privileged token that serves as the initial master token created during Vault's initialization. Using this credential, you have access to all the secrets and administrative functions within the Vault system.

We'll leave the instance running in this window. However, to send it commands, we'll need to open another window. Because it's not in our path, I'll need to change directories to the location where the vault.exe file is located. Right now, in our new window, it doesn't know that we have an instance of Vault running, so we have to tell it where to look. We'll do that by setting the environment variable VAULT_ADDR equal to 127.0.0.1 colon 8200, where the server is listening. Next, we'll need the root token to access the vault. Keep in mind we're running in dev mode. The root token would normally not be available to us or treated so casually. This should be kept confidential, since it provides root level privileges on the vault and allows us to do anything to the vault and its secrets. For now, we'll make a copy of it and set the environment variable VAULT_TOKEN equal to its value. Now if we run the vault command in the second window, we're able to make a successful connection to the Vault server we have running.

The command vault secrets list shows us a list of the enabled secret engines within the Vault server and their mount paths. We will focus on the KV type, or key value, which allows us to store key value pairs in the vault. Notice the mount point for this is secret.

So before we continue, let's pause for a moment and ask: what kind of data should we store in the vault? The vault is for securely storing and accessing secrets. In this context, a secret is anything you want to control access to. Such things could be API keys, passwords, certificates, and other sensitive information. Vault provides unified access to any secret, as well as tight access controls and detailed audit logs.

We'll be using the KV, or key value, secrets engine. Let's see what subcommands are available to us by entering vault space kv. We see lots of subcommands, including delete, destroy, get, and so on. Let's use the commands to see how we can perform the CRUD operations: create, retrieve, update, and even delete out of Vault.

Our first operation will be an effective create command. To do that, we'll enter vault kv put dash mount equals secret, my awesome app slash creds, dbid equals admin, dbpid equals mypass01. So let's break that command down piece by piece. Vault kv put invokes the vault command, kv specifies key value secrets will be used for storage, and put is our subcommand. In effect, the put subcommand is the create for a vault. It encrypts the data we supplied and stores it in the vault. Mount equals secret specifies the mount point of the KV secrets engine. My awesome app slash creds is the path where the secret will be stored in the KV secrets engine, and allows us to refer to our secret when we want to retrieve, update, or delete it later. Dbid equals admin and dbpid equals mypass01 are the key value pairs representing the secrets to be stored. In our case, we have two key value pairs to be stored. When we hit enter, we see a date for the created time, no metadata was created, the value has not been deleted or destroyed, and the version is one. We'll see what some of this means as we continue with our example. No errors were produced, so we must have created something, right?

Now let's run the command to get the data back out by entering vault kv get dash mount equals secret, my awesome app slash creds, and press enter. And we get the same metadata information again, but this time we get a new block called data. It has our key value pairs that we entered for our user ID and password. So the get subcommand retrieves the data for us. Because we had the root token available to us, we were able to decrypt the values and display them in plain text.

Now let's see how we can update a value. To do that, we'll enter vault patch dash mount equals secret, my awesome app creds, dbid equals admin and dbpid equals mypass02. Effectively, we've changed the password for our account with this patch command. We see our metadata once again, but this time notice the version says 2.

Let's recall our get command. Remember, this is the retrieve in our CRUD calls. And let's submit it. When we do, we get version 2 of our data, which includes the new password, mypass02. Let's recall that command once again, but this time we'll add an optional parameter, dash version equals one. With this, we're specifying the version of the data we want to see. Running that command, we see the original data value, and we also see the version indicating this was the first version. Let's recall that command once again and change the one to a two and run it again. When we do, we get the second version of the data, which includes the new password. What happens if we try entering a version other than one or two? Let's try entering version three. Predictably, we get an error message.

At this point we've seen create, retrieve, and update. Now let's see how to delete a secret. That command will be vault kv delete dash mount equals secret, my awesome app creds, and we get back an interesting message. It says the data was deleted if it existed. This is the vault's way of not telling us directly that the data did exist. The system doesn't want to tip off the bad guys that they found a valid secret. Now let's recall our get command again and run it. Notice now our deletion time is filled in and no data is provided, meaning it was deleted. At least version two was. If we recall the command once again and run the get command, we see version 1 of the data, including the user ID and password, are still present. Cool. So we've seen all the commands necessary to do an effective CRUD call to the vault.

Now it's time for the bonus that I promised. In the create commands we ran, our secrets were exposed on the command line. Someone could see our command history; they could see that our secrets were exposed. So secret after all, right? Let's look at how we can add a secret and not have it exposed in the command history. Let's enter vault kv put dash mount equals secret, my next app, token equals dash, and press enter. Instead of getting back a command prompt, we get a new blank line where the vault is waiting for us to enter data. Let's give our token a value of some awesome token and press enter. Still waiting. The way we can signal that we're done is by pressing Ctrl Z on a Windows machine, or Ctrl D on a Mac, Linux, or Unix machine. And our secret looks like it was accepted and stored. Let's verify that by running vault kv get dash mount equals my next app and press return, and we get back our token value, some awesome token.

All right, that's it. If you found this intro to Vault video useful, please subscribe to help the channel grow. Let me know in the comments if you'd like to see more videos on Vault. That's all for now. Thanks for watching, and remember to always begin secure.
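The commands spoken in the captions above, written out as they would be typed one at a time in a Windows Command Prompt from the directory holding vault.exe. This is an added example, not part of the video or its captions: the hyphenated path spellings my-awesome-app/creds and my-next-app and the REPLACE_WITH_ROOT_TOKEN placeholder are assumptions, and the key names dbid and dbpid are as heard in the captions.

```bat
rem Window 1: start the dev server. Storage is in memory only and the
rem root token is printed to the console. The command keeps running.
vault version
vault server -help
vault server -dev

rem Window 2: opened in the same directory as vault.exe.
rem Point the CLI at the dev server and authenticate.
rem REPLACE_WITH_ROOT_TOKEN is a placeholder for the token from window 1.
set VAULT_ADDR=http://127.0.0.1:8200
set VAULT_TOKEN=REPLACE_WITH_ROOT_TOKEN
vault secrets list

rem Create: note that both values are visible in the command history.
rem The path spelling is an assumption; the captions only give it spoken.
vault kv put -mount=secret my-awesome-app/creds dbid=admin dbpid=mypass01

rem Retrieve the latest version.
vault kv get -mount=secret my-awesome-app/creds

rem Update: the metadata now reports version 2.
vault kv patch -mount=secret my-awesome-app/creds dbid=admin dbpid=mypass02

rem Retrieve a specific version.
vault kv get -mount=secret -version=1 my-awesome-app/creds
vault kv get -mount=secret -version=2 my-awesome-app/creds

rem Delete the latest version. Version 1 remains readable afterwards.
vault kv delete -mount=secret my-awesome-app/creds
vault kv get -mount=secret my-awesome-app/creds
vault kv get -mount=secret -version=1 my-awesome-app/creds

rem Bonus tip: token=- makes vault read the value from standard input,
rem so the secret never appears on the command line or in its history.
rem Type the value, press Enter, then Ctrl+Z and Enter to end input.
vault kv put -mount=secret my-next-app token=-
vault kv get -mount=secret my-next-app
```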
Info
Channel: Begin Secure
Views: 1,713
Keywords: hashicorp vault tutorial, hashicorp vault, secrets management, hashicorp vault demo, hashicorp vault setup, secrets management for developers, secrets management strategy, hashicorp vault tutorial for beginners, vault cli, what is hashicorp vault, vault secrets engine, vault, vault api, hashicorp vault install, hashicorpvault, secrets storage, password protection, secure storage, secrets management tool, secrets management vault, hashicorp vault spring boot
Id: Z06BFJY4rWM
Length: 11min 44sec (704 seconds)
Published: Mon Jun 19 2023