Create a Vault Cluster on HCP
HashiCorp Cloud Platform (HCP) Vault enables you to quickly deploy a Vault Enterprise cluster in a supported public cloud provider. As a fully managed service, it allows you to leverage Vault as a central secret management service while offloading the operational burden to the Site Reliability Engineering (SRE) experts at HashiCorp.
In this tutorial, you will deploy a Vault Enterprise cluster guided by the HCP portal.
Prerequisites
You will need an HCP account.
Note
Previous experience with Vault and Vault Enterprise are not required to deploy a Vault server in HCP.
Create a Vault cluster
Note
This tutorial assumes you have not previously created HashiCorp Virtual Network (HVN) in your HashiCorp Cloud Platform account.
Launch the HCP Portal and login.
HashiCorp Cloud Platform (HCP) provides your account with an organization. Your account may invite others to join your organization or you may be invited to join other organizations.
Choose your organization.
From the Overview page, click Deploy Vault.
From the Vault overview page you have the option to deploy HCP Vault using a Quick Deploy Template which deploys Vault with a sample configuration or you can choose to Start from scratch which deploys a standard Vault instance with no existing configuration.
For the purposes of these tutorials and learning about Vault, click the Create cluster button under Start from scratch.
Select your preferred cloud provider.
Click the Vault tier pull down menu and select Development.
Tip
The development tier should not be used for production workloads.
Click the Cluster size pull down menu and select Extra Small.
For the development tier, Extra Small is the only available cluster size.
Under the Network section, accept or edit the Network ID, Region selection, and CIDR block for the HVN.
Note
You can learn how to connect to a private HCP Vault cluster on AWS in the Connect an Amazon Transit Gateway to your HashiCorp Virtual Network or Peering an AWS VPC with HashiCorp Cloud Platform (HCP) tutorials, or the Peering an Azure Virtual Network with HashiCorp Cloud Platform (HCP) tutorial for Azure.
Leave Cluster accessibility set to Public.
Security consideration
All new development tier HCP Vault clusters are configured with public access enabled by default. This means clients can connect from anywhere. For production tiers (starter, standard, and plus) private access will be enabled by default. This means you can only connect from a transit gateway or peered VPC (AWS) or VNet (Azure)
Under the Basics section, accept or edit the default Cluster ID (
vault-cluster).
Under Templates, select Start from scratch. Templates provide sample configurations for various use cases.
Click Create cluster.
Wait for the cluster to initialize before proceeding.
Vault cluster overview
The Vault page displays the created Vault cluster. Within that view, the Overview page displays information to help you learn about HCP Vault, Vault configuration, Vault usage, and cluster details. The Access Vault pane contains details that enable you to administer the Vault cluster through the Web UI or command-line interface (CLI).
Note
The cluster is created with a top-level Namespace called
admin. Namespaces
enable you to create isolated Vault environments.
Review the Cluster Details pane.
Cluster details provide helpful information about your HCP Vault cluster.Review the Quick actions pane.
The Quick actions pane provides details for accessing your new
HCP Vault cluster. You can use the Cluster URLs links to Copy
the public or private addresses, and use the Generate token
link to generate a new admin token to perform the initial configuration
of the HCP Vault cluster.
Next steps
You created a new HCP Vault cluster and reviewed the information provided in the HCP portal. Continue with the HCP Vault Quick Start series to learn how to access the HCP Vault.