Demo Vault Helm Installation

In this tutorial, you’ll learn what HashiCorp Vault is, explore various installation methods, and perform a hands-on deployment of Vault in a Kubernetes cluster using the official Helm chart.

What Is Vault?

Vault is a centralized secrets management tool designed for securely storing and accessing sensitive data such as:

Credentials for authenticating users or services
Encryption keys for data encryption and decryption
API tokens, TLS certificates, and other secret types

Vault offers:

A unified REST API for secret management
Fine-grained access control with policies
Detailed audit logging of all operations

For more, visit the HashiCorp Vault Documentation.

Installation Methods

You can install Vault using one of the following approaches:

Method	Description	Example Command
Linux Package Manager	Install via APT or Yum on supported distros	`sudo apt-get install vault`
Precompiled Binary	Download and place in your `PATH`	`wget https://releases.hashicorp.com/vault`
Build from Source	Clone the repo and compile yourself	`go build github.com/hashicorp/vault`

Warning

For production, run Vault in a highly available configuration across multiple hosts. Use a durable storage backend like Consul or AWS S3.

Installing via APT (Ubuntu/Debian)

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install vault

Deploying Vault with Helm

We’ll deploy Vault into Kubernetes using the official Helm chart. Ensure you have:

Kubernetes ≥1.14
Helm 3.x installed
kubectl configured to access your cluster

1. Add the HashiCorp Helm Repository

helm repo add hashicorp https://helm.releases.hashicorp.com
helm repo update

2. Review the Vault Helm Chart

Check the chart’s prerequisites and usage on GitHub:

The image shows a GitHub page for the "Vault Helm Chart" repository by HashiCorp, detailing installation and configuration instructions for using Vault on Kubernetes. It includes sections on prerequisites and usage, with a sidebar showing language statistics.

3. Inspect Default Configuration

View the excerpt from values.yaml:

# values.yaml (excerpt)
ui:
  enabled: false
  serviceType: ClusterIP
  serviceNodePort: null

server:
  dataStorage:
    enabled: true
    size: 10Gi

In this demo, we’ll:

Enable the Vault UI
Expose the UI via NodePort
Disable persistent storage (for demo purposes)

Prerequisites Check

# Verify Kubernetes
kubectl version --short
# Verify Helm
helm version --short

Step by Step: Deploying to a Dedicated Namespace

Create and switch to the demo namespace:

kubectl create namespace demo
kubectl config set-context --current --namespace=demo

Install the Vault chart with custom settings:

helm install vault hashicorp/vault --version 0.16.1 \
  --set ui.enabled=true \
  --set ui.serviceType=NodePort \
  --set server.dataStorage.enabled=false

Verify Kubernetes resources:
```
kubectl get all
```
Wait until the vault-0 pod and related components are in the Running state:
```
kubectl get pods
```

Checking Vault Status

Once the pods are running, access the Vault pod and check its seal status:

kubectl exec -it vault-0 -- vault status

You should see output similar to:

Key             Value
---             -----
Seal Type       shamir
Sealed          true
Version         1.8.3
Cluster Name    vault-cluster

Note

Vault is sealed by default. You must initialize and unseal it using key shares and a threshold. These steps can be done via CLI or the UI.

Accessing the Vault UI

The Vault UI is exposed on a NodePort (e.g., 31272). Open your browser to:

http://<your-node-ip>:31272

You will be prompted to set up master keys and a root token:

The image shows a web interface for setting up master keys in HashiCorp Vault, with fields for "Key shares" and "Key threshold," and options to encrypt output and root token with PGP.

References

Watch Video

Watch video content