HashiCorp Cloud Platform (HCP) Vault enables you to quickly deploy a Vault Enterprise cluster in a supported public cloud provider. As a fully managed service, it allows you to leverage Vault as a central secret management service while offloading the operational burden to the Site Reliability Engineering (SRE) experts at HashiCorp.
In this tutorial, you will deploy a Vault Enterprise cluster guided by the HCP portal.
You will need an HCP account.
Previous experience with Vault and Vault Enterprise are not required to deploy a Vault server in HCP.
Note: This tutorial assumes you have not previously created HashiCorp Virtual Network (HVN) in your HashiCorp Cloud Platform account.
Launch the HCP Portal and login.
HashiCorp Cloud Platform (HCP) provides your account with an organization. Your account may invite others to join your organization or you may be invited to join other organizations.
Choose your organization.
From the Overview page, click Deploy Vault.
From the Vault overview page you have the option to deploy HCP Vault using a Quick Deploy Template which deploys Vault with a sample configuration or you can choose to Start from scratch which deploys a standard Vault instance with no existing configuration.
For the purposes of these tutorials and learning about Vault, click the Create cluster button under Start from scratch.
Select your preferred cloud provider.
HCP Vault on Azure is currently in beta. Only development tier clusters are currently available. Steps in later tutorials may not yet be available for HCP Vault clusters on Azure.
Click the Vault tier pull down menu and select Development.
The development tier should not be used for production workloads.
Click the Cluster size pull down menu and select Extra Small.
For the development tier, Extra Small is the only available cluster size.
Under the Network section, accept or edit the name, region, and CIDR block for the HashiCorp Virtual Network (HVN).
All new development tier HCP Vault clusters are configured with public access enabled by default. For production tiers (starter, standard, and plus) public access will be disabled by default.
Note: You can learn how to connect to a private HCP Vault cluster on AWS in the Connect an Amazon Transit Gateway to your HashiCorp Virtual Network or Peering an AWS VPC with HashiCorp Cloud Platform (HCP) tutorials, or the Peering an Azure VIrtual Network with HashiCorp Cloud Platform (HCP) tutorial for Azure.
Under the Basics section, accept or edit the default Cluster ID (
Under Templates, select Start from scratch.
Note: The Key-vault secrets template deploys a Vault instance with a sample configuration. For the purposes of this tutorial, you select Start from scratch so you can learn how to configure Vault.
Click Create cluster.
Wait for the cluster to initialize before proceeding.
The Vault page displays the created Vault cluster. Within that view, the Overview page displays information to help you learn about HCP Vault, Vault configuration, Vault usage, and cluster details. The Access Vault pane contains details that enable you to administer the Vault cluster through the Web UI or command-line interface (CLI).
NOTE: The cluster is created with a top-level Namespace called
enable you to create isolated Vault environments.
Review the Cluster Details pane. Cluster details provide helpful information about your HCP Vault cluster.
Review the Quick actions pane. The Quick actions pane provides details for accessing your new HCP Vault cluster. You can use the Cluster URLs links to Copy the public or private addresses, and use the Generate token link to generate a new admin token to perform the initial configuration of the HCP Vault cluster.
You created a new HCP Vault cluster and reviewed the information provided in the HCP portal. Continue with the HCP Vault Quick Start series to learn how to access the HCP Vault.