
how-to-configure-hashicorp-vault.md

🔨 How to Configure HashiCorp Vault

  1. Configure the .env/.env.docker files in the auth-service folder:
VAULT_PROVIDER = "hashicorp"

{% hint style="info" %} Note: VAULT_PROVIDER can be set to "database" or "hashicorp" to select a database instance or a HashiCorp Vault instance, respectively. {% endhint %}

If the VAULT_PROVIDER value is set to "hashicorp", the following 3 parameters should be configured in the auth-service folder:

  1. HASHICORP_ADDRESS: http://localhost:8200 when using a local vault. For a remote vault, use the value from the configuration settings of the HashiCorp Vault service.
  2. HASHICORP_TOKEN: the token from the HashiCorp Vault.
  3. HASHICORP_WORKSPACE: only needed when using the cloud vault for HashiCorp. The default value is "admin".

  2. HashiCorp Vault should be configured with a created Key-Value storage, named "secret" by default, containing settingKey=<value> records for the following keys:

  1. OPERATOR_ID
  2. OPERATOR_KEY
  3. IPFS_STORAGE_API_KEY

{% hint style="info" %} Note: These records in the vault will be created automatically if there are environment variables with matching names. {% endhint %}

How to import existing user keys from the DB into the vault:

During Guardian services initialization, set the following configuration settings in the auth-service folder:

IMPORT_KEYS_FROM_DB = 1
VAULT_PROVIDER = "hashicorp"
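
A preflight check for the settings above, as an added example that is not part of the Guardian project: it parses the auth-service .env file and verifies that the vault settings listed on this page are consistent before the services start. The function names, the messages and the rule that only a localhost address may use plain http are this example's own assumptions.

```shell
#!/bin/sh
# Preflight check for the auth-service .env file (added example).
# Pass/fail policy and messages are assumptions of this example.

# env_get FILE KEY: print the last value assigned to KEY, quotes stripped.
# Accepts the `KEY = "value"` spacing used on this page.
env_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_vault_env FILE: return 0 when the vault settings are consistent.
check_vault_env() {
  file=$1; rc=0
  [ -r "$file" ] || { echo "error: cannot read $file"; return 1; }
  provider=$(env_get "$file" VAULT_PROVIDER)
  import=$(env_get "$file" IMPORT_KEYS_FROM_DB)
  case $provider in
    hashicorp) ;;
    database)
      [ "$import" = 1 ] && echo "warn: IMPORT_KEYS_FROM_DB = 1 has no vault to import into"
      return 0 ;;
    *) echo "error: VAULT_PROVIDER must be \"database\" or \"hashicorp\""; return 1 ;;
  esac
  [ -n "$(env_get "$file" HASHICORP_TOKEN)" ] ||
    { echo "error: HASHICORP_TOKEN is not set"; rc=1; }
  # Local means localhost/127.0.0.1 with an explicit port, as on this page.
  case $(env_get "$file" HASHICORP_ADDRESS) in
    https://*|http://localhost:*|http://127.0.0.1:*) ;;
    "") echo "error: HASHICORP_ADDRESS is not set"; rc=1 ;;
    http://*) echo "error: remote HASHICORP_ADDRESS must use https, the token is sent with every request"; rc=1 ;;
    *) echo "error: HASHICORP_ADDRESS is not an http(s) URL"; rc=1 ;;
  esac
  # The file holds a vault token: flag it when other users can read it.
  [ -n "$(find "$file" -perm -004)" ] && echo "warn: $file is world-readable"
  # Records the page says are created in vault from matching variables.
  for key in OPERATOR_ID OPERATOR_KEY IPFS_STORAGE_API_KEY; do
    [ -n "$(env_get "$file" "$key")" ] ||
      echo "note: $key not in this file, it must come from the environment or already exist in vault"
  done
  return $rc
}
```

Run it as `check_vault_env auth-service/.env` (path assumed) and treat a non-zero exit status as a reason not to start the services.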