Thomas's place

wget https://releases.hashicorp.com/vault/1.8.5/vault_1.8.5_linux_amd64.zip

Unzip that bad boy:

unzip vault_1.8.5_linux_amd64.zip

ow, let’s move the Vault binary to the /usr/bin directory:

sudo mv vault /usr/bin/

Double-check that everything went smoothly by running:

vault --version

We’re going to create a special user and group just for Vault:

sudo useradd --system --home /etc/vault --shell /bin/false vault

Time to make some directories for Vault’s configs, data, and logs:

sudo mkdir --parents /etc/vault /var/lib/vault /var/log/vault

We need to make sure the vault user and group own these directories:

sudo chown --recursive vault:vault /etc/vault /var/lib/vault /var/log/vault

Set the permissions straight for these directories:

sudo chmod 750 /etc/vault /var/lib/vault /var/log/vault

Let’s create the config file for Vault:

sudo nano /etc/vault/config.hcl

Open it up and put in the following config (replace your_ip_address with your server’s IP address):

storage "file" {
path = "/var/lib/vault"
}

listener "tcp" {
address = "your_ip_address:8200"
tls_disable = 1
}

api_addr = "http://your_ip_address:8200"
disable_mlock = true

We’re almost there! Time to set up the systemd service file:

sudo nano /etc/systemd/system/vault.service

Take this config and paste it in:

[Unit]
Description=Vault secret management tool
Requires=network-online.target
After=network-online.target

[Service]
User=vault
Group=vault
ExecStart=/usr/bin/vault server -config=/etc/vault/config.hcl -log-level=info
ExecReload=/bin/kill --signal HUP $MAINPID
KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target

We’re in the homestretch! Reload systemd and start the Vault service:

sudo systemctl daemon-reload
sudo systemctl enable vault.service --now

That’s it, my friend! Your Vault server is good to go. To check its status, use this command:

systemctl status vault

If you need a hand or run into any issues, feel free to holler. Happy Vaulting!