Create an HCP Vault Dedicated cluster
HashiCorp Cloud Platform (HCP) Vault enables you to deploy a Vault Enterprise cluster in a supported public cloud provider. As a fully managed service, you can use Vault as a central secret management service while offloading the operational burden to the Site Reliability Engineering (SRE) experts at HashiCorp.
Previous experience with Vault and Vault Enterprise is not required to deploy a Vault cluster in HCP.
In this tutorial, you will deploy a Vault Enterprise cluster guided by the HCP portal.
Prerequisites
- Access to an HCP account.
Create a Vault cluster
Note
This tutorial assumes you have not created a HashiCorp Virtual Network (HVN) in your HashiCorp Cloud Platform account.
Launch the HCP Portal and log in.
If you have logged in before, the portal opens the last project you were in. Navigate back to the organization level from the breadcrumbs, or click on the HashiCorp icon at the top-left to choose another organization.
Click on the HashiCorp icon to list your organizations, and select the organization to create an HCP Vault Dedicated cluster in.
HashiCorp Cloud Platform (HCP) provides your account with an organization. Your account may invite others to join your organization or you may be invited to join other organizations.
Click Projects, and select the target project.
- Click + Create project.
- Enter the Project name and Project description.
- Click Create project to complete.
You can use projects to separate access within an organization, such as by team, use case, or environment (for example, development, staging, and production).
From the Overview page, click Get started with Vault.
From the Vault overview page, you can deploy Vault Dedicated using a Quick Deploy Template, which deploys Vault with a sample configuration, or choose Start from scratch, which deploys a standard Vault instance with no existing configuration.
For the purposes of these tutorials and learning about Vault, click the Create cluster button under Start from scratch.
Select your preferred cloud provider.
Click the Vault tier pull-down menu and select Development.
Tip
Do not use the development tier for production workloads.
Click the Cluster size pull-down menu and select Extra Small.
For the development tier, Extra Small is the only available cluster size.
Under the Network section, accept or edit the Network ID, Region selection, and CIDR block for the HVN.
Note
To learn how to connect to a private Vault Dedicated cluster on AWS, refer to the "Connect an Amazon Transit Gateway to your HashiCorp Virtual Network" or "Peering an AWS VPC with HashiCorp Cloud Platform (HCP)" documentation. For Azure, refer to the "Peering an Azure Virtual Network with HashiCorp Cloud Platform (HCP)" documentation.
Under the Basics section, accept or edit the default Cluster ID (vault-cluster).
Under Templates, select Start from scratch. Templates give sample configurations for various use cases.
Click Create cluster.
Wait for the cluster to initialize before proceeding.
Once cluster provisioning completes, refresh the page.
Click Cluster networking. The cluster networking page allows you to configure whether the cluster is publicly accessible.
By default, all development tier clusters are publicly accessible. All production tier clusters turn off public access by default.
The IP Allow list allows you to add specific IP addresses or CIDR ranges that can access the Vault Dedicated cluster's public endpoint (if you enabled public access).
You can also enable or disable the HCP Proxy. The proxy allows you to access the Vault user interface even if you turn off public access.
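Before pasting entries into the IP Allow list, it helps to review them offline. The following Python is an added example, not part of the HashiCorp tutorial or any HCP tooling: it flags malformed, catch-all, private, and overly broad entries, and reports which client addresses no entry covers. The function name, the /16 review threshold, and the sample addresses (documentation ranges) are assumptions made for illustration, and it calls no HCP API.

```python
import ipaddress

# Constructed sample of a proposed allow list (documentation ranges, not real hosts).
SAMPLE_ENTRIES = ["198.51.100.24", "203.0.113.0/24", "203.0.113.7/24",
                  "10.20.0.0/16", "198.0.0.0/8", "0.0.0.0/0"]

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BROAD_PREFIX = 16  # assumption: review anything wider than a /16 by hand


def review_allow_list(entries, client_ips=()):
    """Return (findings, uncovered): flagged entries and clients no entry matches."""
    findings, networks = [], []
    for raw in entries:
        entry = raw.strip()
        try:
            # strict=True rejects a range whose host bits are set (203.0.113.7/24).
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            findings.append((entry, "invalid", str(exc)))
            continue
        networks.append(net)
        if net.prefixlen == 0:
            findings.append((entry, "open", "matches every source address"))
        elif net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
            findings.append((entry, "private",
                             "RFC 1918 range; a public endpoint sees public sources"))
        elif net.prefixlen < BROAD_PREFIX:
            findings.append((entry, "broad",
                             f"/{net.prefixlen} covers {net.num_addresses} addresses"))
    # A client is covered when at least one valid entry contains its address.
    uncovered = [ip for ip in client_ips
                 if not any(ipaddress.ip_address(ip) in n for n in networks)]
    return findings, uncovered


if __name__ == "__main__":
    # Review the list without the catch-all entry to see which clients it misses.
    findings, uncovered = review_allow_list(SAMPLE_ENTRIES[:-1],
                                            ["198.51.100.24", "192.0.2.10"])
    for entry, code, detail in findings:
        print(f"{code:8} {entry:18} {detail}")
    print("clients not covered:", uncovered)
```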
Click Overview to return to the Vault cluster overview page.
Vault cluster overview
The Vault page displays the created Vault cluster. Within that view, the Overview page displays information to help you learn about Vault Dedicated, Vault configuration, Vault usage, and cluster details. The Access Vault pane has details that enable you to administer the Vault cluster through the Web UI or command-line interface (CLI).
Note
The cluster starts at the top-level namespace called admin. Namespaces enable you to create isolated Vault environments. Refer to the HCP Vault Dedicated namespace considerations tutorial to learn more.
Review the Cluster Details pane.
Cluster details give helpful information about your Vault Dedicated cluster.
Review the Quick actions pane.
The Quick actions pane provides details for accessing your new Vault Dedicated cluster. You can use the Cluster URLs links to copy the public or private addresses, and use the Generate token link to generate a new admin token to perform the initial configuration of the Vault Dedicated cluster.
Summary
You created a Vault Dedicated cluster using the HCP Portal and reviewed details about the cluster.