Create a Vault instance backed by Consul TLS cluster

Vault & Consul TLS Bootstrap

This script runs through setting up a Vault instance with a Consul cluster for storage, using certificates issued by Vault itself.

It accompanies a blog post that goes into more detail: How to build a TLS enabled Consul Cluster with Vault.


Host machine needs:


  • Windows: Hyper-V and an administrative Bash shell
  • Linux: vagrant-libvirt plugin or virtualbox

Environment Variables


If you are running on Windows with Hyper-V from a Bash-based shell, you can just run the script:

export ROOT_CA_DIR="/keybase/private/<user>/dev-ca"

Otherwise, you will probably want to specify what domain your machines are running under (for example, on Linux I use libvirt with a domain for the machines):

export ROOT_CA_DIR="/keybase/private/<user>/dev-ca"
./ ""

The script will also attempt to find an IP address on your machine that the Vagrant machines can use to talk to the instance of Vault we will run. On Windows it looks for the default Hyper-V switch (vEthernet (Default Switch)), and on Linux it uses ip -4 route get 1.

You can override this with the HOST_BIND_ADDRESS environment variable:

export ROOT_CA_DIR="/keybase/private/<user>/dev-ca"
./ ""
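
The Linux detection and the HOST_BIND_ADDRESS override described above, sketched as an added example (not the repository's script). The function names and the rule rejecting 0.0.0.0/8 and loopback addresses are assumptions of this example, and the Windows Hyper-V lookup is not covered.

```shell
#!/bin/sh
# Added example, not the repository's script. Function names are hypothetical.

# Read `ip -4 route get 1` output on stdin and print the address after "src".
parse_src_addr() {
  awk '{ for (i = 1; i < NF; i++) if ($i == "src") { print $(i + 1); exit } }'
}

# Succeed only for a dotted-quad IPv4 address that guests could reach.
# Rejecting 0.0.0.0/8 and 127.0.0.0/8 is an assumption of this example:
# neither is an address another machine can use to connect to the host.
is_usable_ipv4() {
  printf '%s\n' "$1" | awk -F. '
    NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
    $1 == 0 || $1 == 127 { exit 1 }'
}

# Print the address to use: HOST_BIND_ADDRESS if set, else the detected one.
resolve_bind_address() {
  if [ -n "${HOST_BIND_ADDRESS:-}" ]; then
    addr=$HOST_BIND_ADDRESS
  else
    addr=$(ip -4 route get 1 2>/dev/null | parse_src_addr)
  fi
  if ! is_usable_ipv4 "$addr"; then
    echo "no usable bind address: '${addr}'" >&2
    return 1
  fi
  printf '%s\n' "$addr"
}
```

Validating the value before it reaches the Vault listener configuration or a certificate request keeps a mistyped or empty override from silently producing a listener the Vagrant machines cannot reach.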