Initializing the HashiCorp Vault Server
You must initialize the HashiCorp Vault server before you can access it to configure and manage secrets.
To initialize the HashiCorp Vault server:
Start a new terminal session and execute the following command:
export VAULT_ADDR='http://127.0.0.1:8200'
Check the status of the HashiCorp Vault server by executing:
./vault status
Key                      Value
---                      -----
Recovery Seal Type       pkcs11
Initialized              false
Sealed                   true
Total Recovery Shares    0
Threshold                0
Unseal Progress          0/0
Unseal Nonce             n/a
Version                  n/a
HA Enabled               false
Initialize the HashiCorp Vault server by executing the command below. This generates a recovery key and an initial root token.
[root@localhost ~]# ./vault operator init -recovery-shares=1 -recovery-threshold=1
Recovery Key 1: ReVHKc0jCwhP82MP/Fl0aKAKPh+P9BNtFT+4v8TME2I=
Initial Root Token: s.zfr7HMDO1Hct6Nf7fv5SsjZ7
Success! Vault is initialized
Recovery key initialized with 1 key shares and a key threshold of 1. Please securely distribute the key shares printed above.
Note the following logs in the first terminal, where the Vault server is running:
2018-11-16T06:15:48.859-0500 [INFO] core: loaded wrapping token key
2018-11-16T06:15:48.860-0500 [INFO] core: successfully mounted backend: type=kv path=secret/
…
2018-11-16T06:15:48.952-0500 [INFO] core: root token generated
…
2018-11-16T06:15:49.031-0500 [INFO] core: vault is unsealed
2018-11-16T06:15:49.032-0500 [INFO] core: post-unseal setup starting
2018-11-16T06:15:49.153-0500 [INFO] core: loaded wrapping token key
…
2018-11-16T06:15:49.157-0500 [INFO] core: successfully unsealed with stored key(s): stored_keys_used=1
2018-11-16T06:15:49.157-0500 [INFO] expiration: lease restore complete
Copy the recovery key and initial root token and keep them in a safe place. The value of the Initial Root Token is used to log on to HashiCorp Vault.
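A pre-flight check for the steps above, as an added example (not part of the original procedure or of HashiCorp's tooling): it parses the vault status table and confirms that the server is uninitialized, that the seal type is pkcs11, and that a plaintext http:// VAULT_ADDR points at loopback, since the init response carries the root token over that connection. The function names, return codes and SAMPLE_STATUS text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check before "./vault operator init".
# SAMPLE_STATUS is constructed from the "vault status" output shown on this page.
SAMPLE_STATUS='Key                      Value
---                      -----
Recovery Seal Type       pkcs11
Initialized              false
Sealed                   true
Total Recovery Shares    0
Threshold                0'

# status_field KEY: read "vault status" table text on stdin, print KEY's value.
# Keys contain spaces ("Recovery Seal Type"), so match the whole key as a line
# prefix instead of splitting the line on whitespace.
status_field() {
  awk -v key="$1" '
    index($0, key) == 1 {
      rest = substr($0, length(key) + 1)
      if (rest ~ /^[ \t]+[^ \t]/) {
        gsub(/^[ \t]+|[ \t]+$/, "", rest)
        print rest
        exit
      }
    }'
}

# preflight_init ADDR STATUS_TEXT (hypothetical helper)
# Returns 0 when init may proceed, otherwise:
#   1 = server not confirmed uninitialized (already initialized or field missing)
#   2 = plaintext http:// to a non-loopback host, or userinfo ("@") in the address
#   3 = seal type is not pkcs11, so the -recovery-* flags do not fit this server
preflight_init() {
  case "$1" in
    *@*) return 2 ;;   # http://127.0.0.1:8200@other-host really targets other-host
    https://*) ;;
    http://127.0.0.1|http://127.0.0.1:*|http://localhost|http://localhost:*) ;;
    *) return 2 ;;
  esac
  [ "$(printf '%s\n' "$2" | status_field 'Initialized')" = "false" ] || return 1
  [ "$(printf '%s\n' "$2" | status_field 'Recovery Seal Type')" = "pkcs11" ] || return 3
  return 0
}

# Real use: preflight_init "$VAULT_ADDR" "$(./vault status)" && ./vault operator init ...
if preflight_init "http://127.0.0.1:8200" "$SAMPLE_STATUS"; then
  echo "pre-flight passed: safe to run operator init"
fi
```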