Deploy a production ready Vault environment with Ansible
- First, you need to install Consul. NOTE: You can use a different storage backend, just be make sure to edit the vaultconfig.hcl files in roles/vaultdeploy/files
- Edit the hosts file to add in the host you are deploying to.
- Run the following command:
ansible-playbook deploy.yml -i hosts - Be sure to save all of the keys that get generated by the
Initialize the Vaultstep. THIS IS EXTREMELY IMPORTANT, if you lose these keys you will not be able to access your vault server. It is reccommended to distribute the keys among people, such that no one person has access to unlocking the entire vault. Keys should be stored with PGP encryption. - Once this is finished, you'll need to unseal the vault. Follow the instructions here. You will need the secrets that you just saved to do this.
At this point, your vault server should be up and running.
Vault itself will vary in the system requirements needed, but as far as the operating system goes, this playbook has only been tested with Debian Jessie. Presumably, it works on at least Ubuntu 16.04, and potentially Ubuntu 14.04, but both are untested. If anyone has success deploying on a different OS, let me know and I will update this.