HashiCorp Certified: Vault Associate Certification

Installing Vault

Installing and Running Vault Server

In this guide, we’ll walk through the essential components and steps required to install and run HashiCorp Vault. You’ll learn how to:

  • Prepare your system and environment
  • Create and manage configuration files
  • Initialize, seal, and unseal the Vault
  • Choose storage backends and interfaces

Vault is intentionally platform-agnostic, supporting a wide range of deployment scenarios.

Supported Platforms

The image is a slide titled "Installing Vault," explaining that Vault is platform agnostic and can run on various platforms like Kubernetes, cloud-based machines, VMware virtual machines, physical servers, and laptops.

Vault can run anywhere you need it:

  • Kubernetes (self-hosted or managed services such as AKS, EKS)
  • Cloud-based VMs (AWS EC2, Azure VM, Google Compute Engine)
  • VMware virtual machines
  • Physical servers (for isolated CPU and memory)
  • Local workstations (laptops and desktops for development)

Some security-conscious teams opt for physical servers to isolate Vault’s cryptographic operations.

Supported Operating Systems

The image is a slide titled "Installing Vault," listing operating systems where Vault is available, including macOS, Windows, Linux, FreeBSD, NetBSD, OpenBSD, and Solaris. It features a pixelated design on the right and a cartoon character at the bottom.

Vault binaries are distributed for multiple OS platforms:

Operating SystemTypical Use Case
LinuxProduction servers (Ubuntu, RHEL, etc.)
macOSLocal development on Apple hardware
WindowsDevelopment or Windows-based servers
FreeBSD/NetBSD/OpenBSD/SolarisSpecialized or legacy environments

Enterprises typically deploy Vault on Linux distributions such as Ubuntu, Amazon Linux, CentOS, or Red Hat.

Installation Workflow

The image outlines the steps for installing Vault, including installing Vault, creating a configuration file, initializing Vault, and unsealing Vault. It features a colorful design with a pixelated character in the bottom right corner.

Follow this sequence for a manual deployment or when scripting an automated install:

  1. Install the Vault binary
  2. Create or update the Vault configuration file
  3. Start the Vault server process
  4. Initialize the Vault (generates root tokens and unseal keys)
  5. Unseal Vault (use unseal keys to decrypt the storage)

After unsealing, your Vault instance is ready to store secrets or issue dynamic credentials.

Note

Automating these steps with tools like Terraform, Ansible, or Helm can ensure consistency across environments.

Installing Vault

You can install Vault in several ways: via system packages, Helm charts, or manual download. Choose the method that fits your environment.

Using APT on Debian/Ubuntu

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update
sudo apt-get install vault

This will add the HashiCorp APT repository, refresh your package index, and install the vault CLI into your system PATH.

Using Helm on Kubernetes

helm repo add hashicorp https://helm.releases.hashicorp.com
helm repo update
helm install vault hashicorp/vault --namespace vault --create-namespace

Deploy Vault as a Kubernetes Deployment with a Service and StatefulSet backing the storage layer.

Manual Download and Installation

The image is a guide for installing Vault, showing three steps: downloading from HashiCorp, unpackaging to a directory, and setting the path to the executable. It features a computer graphic and a character illustration.

# 1. Download the Vault ZIP archive
curl -O https://releases.hashicorp.com/vault/1.12.3/vault_1.12.3_linux_amd64.zip

# 2. Unzip the archive
unzip vault_1.12.3_linux_amd64.zip

# 3. Move the binary to a system PATH location
sudo mv vault /usr/local/bin/

After installation, verify with:

vault --version

Next Steps

  1. Create a Vault configuration file (vault.hcl)
  2. Start the Vault server: vault server -config=vault.hcl
  3. Initialize: vault operator init
  4. Unseal: vault operator unseal

Watch Video

Watch video content

Previous
Vault Interfaces