Running HashiCorp Vault on a Windows Computer

In this tutorial, we are going to install and run HashiCorp Vault on a Windows computer. If you have a macOS or Linux computer, the instructions can be found on the official page: "https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-install"

On a Windows computer, run the command "choco install vault" using PowerShell with admin privileges:
mail2@sm15 MINGW64 ~
$ choco install vault
Chocolatey v0.10.15
2 validations performed. 1 success(es), 1 warning(s), and 0 error(s).

Validation Warnings:
 - A pending system reboot request has been detected, however, this is
   being ignored due to the current Chocolatey configuration.  If you
   want to halt when this occurs, then either set the global feature
   using:
     choco feature enable -name=exitOnRebootDetected
   or pass the option --exit-when-reboot-detected.

Installing the following packages:
vault
By installing you accept licenses for the packages.

vault v1.11.1 [Approved]
vault package files install completed. Performing other installation steps.
The package vault wants to run 'chocolateyInstall.ps1'.
Note: If you don't run this script, the installation will fail.
Note: To confirm automatically next time, use '-y' or consider:
choco feature enable -n allowGlobalConfirmation
Do you want to run the script?([Y]es/[A]ll - yes to all/[N]o/[P]rint): Yes

Downloading vault 64 bit
  from 'https://releases.hashicorp.com/vault/1.11.1/vault_1.11.1_windows_amd64.zip'
Progress: 100% - Completed download of C:\Users\mail2\AppData\Local\Temp\chocolatey\vault\1.11.1\vault_1.11.1_windows_amd64.zip (70.37 MB).
Download of vault_1.11.1_windows_amd64.zip (70.37 MB) completed.
Hashes match.
Extracting C:\Users\mail2\AppData\Local\Temp\chocolatey\vault\1.11.1\vault_1.11.1_windows_amd64.zip to C:\ProgramData\chocolatey\lib\vault\tools...
C:\ProgramData\chocolatey\lib\vault\tools
 ShimGen has successfully created a shim for vault.exe
 The install of vault was successful.
  Software installed to 'C:\ProgramData\chocolatey\lib\vault\tools'

Chocolatey installed 1/1 packages.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

After the installation is complete, you can run the vault command to verify:
mail2@sm15 MINGW64 ~
$ vault
Usage: vault <command> [args]

Common commands:
    read        Read data and retrieves secrets
    write       Write data, configuration, and secrets
    delete      Delete secrets and configuration
    list        List data or secrets
    login       Authenticate locally
    agent       Start a Vault agent
    server      Start a Vault server
    status      Print seal and HA status
    unwrap      Unwrap a wrapped secret

Other commands:
    audit                Interact with audit devices
    auth                 Interact with auth methods
    debug                Runs the debug command
    kv                   Interact with Vault's Key-Value storage
    lease                Interact with leases
    monitor              Stream log messages from a Vault server
    namespace            Interact with namespaces
    operator             Perform operator-specific tasks
    path-help            Retrieve API help for paths
    plugin               Interact with Vault plugins and catalog
    policy               Interact with policies
    print                Prints runtime configurations
    secrets              Interact with secrets engines
    ssh                  Initiate an SSH session
    token                Interact with tokens
    version-history      Prints the version history of the target Vault server

Start Vault server in Dev mode

Run the command "vault server -dev" to start the server in dev mode:
mail2@sm15 MINGW64 ~
$ vault server -dev
==> Vault server configuration:

             Api Address: http://127.0.0.1:8200
                     Cgo: disabled
         Cluster Address: https://127.0.0.1:8201
              Go Version: go1.17.12
              Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
               Log Level: info
                   Mlock: supported: false, enabled: false
           Recovery Mode: false
                 Storage: inmem
                 Version: Vault v1.11.1, built 2022-07-19T20:16:47Z
             Version Sha: 0f634755745f4adf62ec0723a0b93d6dce5bc33e

==> Vault server started! Log data will stream in below:

2022-12-25T18:11:19.011-0500 [INFO]  proxy environment: http_proxy="" https_proxy="" no_proxy=""
2022-12-25T18:11:19.012-0500 [WARN]  no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set
2022-12-25T18:11:19.012-0500 [INFO]  core: Initializing version history cache for core
2022-12-25T18:11:19.013-0500 [INFO]  core: security barrier not initialized
2022-12-25T18:11:19.014-0500 [INFO]  core: security barrier initialized: stored=1 shares=1 threshold=1
2022-12-25T18:11:19.014-0500 [INFO]  core: post-unseal setup starting
2022-12-25T18:11:19.017-0500 [INFO]  core: loaded wrapping token key
2022-12-25T18:11:19.017-0500 [INFO]  core: Recorded vault version: vault version=1.11.1 upgrade time="2022-12-25 23:11:19.0172382 +0000 UTC" build date=2022-07-19T20:16:47Z
2022-12-25T18:11:19.017-0500 [INFO]  core: successfully setup plugin catalog: plugin-directory=""
2022-12-25T18:11:19.017-0500 [INFO]  core: no mounts; adding default mount table
2022-12-25T18:11:19.018-0500 [INFO]  core: successfully mounted backend: type=cubbyhole path=cubbyhole/
2022-12-25T18:11:19.018-0500 [INFO]  core: successfully mounted backend: type=system path=sys/
2022-12-25T18:11:19.018-0500 [INFO]  core: successfully mounted backend: type=identity path=identity/
2022-12-25T18:11:19.021-0500 [INFO]  core: successfully enabled credential backend: type=token path=token/ namespace="ID: root. Path: "
2022-12-25T18:11:19.021-0500 [INFO]  rollback: starting rollback manager
2022-12-25T18:11:19.022-0500 [INFO]  core: restoring leases
2022-12-25T18:11:19.023-0500 [INFO]  identity: entities restored
2022-12-25T18:11:19.023-0500 [INFO]  identity: groups restored
2022-12-25T18:11:19.023-0500 [INFO]  expiration: lease restore complete
2022-12-25T18:11:19.433-0500 [INFO]  core: post-unseal setup complete
2022-12-25T18:11:19.433-0500 [INFO]  core: root token generated
2022-12-25T18:11:19.433-0500 [INFO]  core: pre-seal teardown starting
2022-12-25T18:11:19.433-0500 [INFO]  rollback: stopping rollback manager
2022-12-25T18:11:19.433-0500 [INFO]  core: pre-seal teardown complete
2022-12-25T18:11:19.434-0500 [INFO]  core.cluster-listener.tcp: starting listener: listener_address=127.0.0.1:8201
2022-12-25T18:11:19.434-0500 [INFO]  core.cluster-listener: serving cluster requests: cluster_listen_address=127.0.0.1:8201
2022-12-25T18:11:19.434-0500 [INFO]  core: post-unseal setup starting
2022-12-25T18:11:19.434-0500 [INFO]  core: loaded wrapping token key
2022-12-25T18:11:19.434-0500 [INFO]  core: successfully setup plugin catalog: plugin-directory=""
2022-12-25T18:11:19.434-0500 [INFO]  core: successfully mounted backend: type=system path=sys/
2022-12-25T18:11:19.435-0500 [INFO]  core: successfully mounted backend: type=identity path=identity/
2022-12-25T18:11:19.435-0500 [INFO]  core: successfully mounted backend: type=cubbyhole path=cubbyhole/
2022-12-25T18:11:19.435-0500 [INFO]  core: successfully enabled credential backend: type=token path=token/ namespace="ID: root. Path: "
2022-12-25T18:11:19.435-0500 [INFO]  rollback: starting rollback manager
2022-12-25T18:11:19.436-0500 [INFO]  core: restoring leases
2022-12-25T18:11:19.436-0500 [INFO]  identity: entities restored
2022-12-25T18:11:19.436-0500 [INFO]  identity: groups restored
2022-12-25T18:11:19.436-0500 [INFO]  expiration: lease restore complete
2022-12-25T18:11:19.436-0500 [INFO]  core: post-unseal setup complete
2022-12-25T18:11:19.436-0500 [INFO]  core: vault is unsealed
2022-12-25T18:11:19.445-0500 [INFO]  core: successful mount: namespace="" path=secret/ type=kv
2022-12-25T18:11:19.456-0500 [INFO]  secrets.kv.kv_fde057f9: collecting keys to upgrade
2022-12-25T18:11:19.456-0500 [INFO]  secrets.kv.kv_fde057f9: done collecting keys: num_keys=1
2022-12-25T18:11:19.456-0500 [INFO]  secrets.kv.kv_fde057f9: upgrading keys finished
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.

You may need to set the following environment variable:

PowerShell:
    $env:VAULT_ADDR="http://127.0.0.1:8200"
cmd.exe:
    set VAULT_ADDR=http://127.0.0.1:8200

The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.

Unseal Key: +Z68DxbYCFDJpQ/5adrKn7ZltVYH1U/+F7bBosHQcgM=
Root Token: hvs.Z8swD4DRYQDtuHGlkkxFkTRG

Development mode should NOT be used in production installations!

Make a note of the unseal key and root token shown above.

The Vault UI can be accessed at the URL "http://localhost:8200/". Enter the token from above to log in to the Vault UI.

To access Vault from the command line, set the environment variables VAULT_ADDR and VAULT_TOKEN:
mail2@sm15 MINGW64 ~
$ export VAULT_ADDR=http://127.0.0.1:8200
mail2@sm15 MINGW64 ~
$ export VAULT_TOKEN=hvs.Z8swD4DRYQDtuHGlkkxFkTRG

Once these variables are set, we can access Vault from the command line. To verify, run the command "vault status". You should see output like the following:
mail2@sm15 MINGW64 ~
$ vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.11.1
Build Date      2022-07-19T20:16:47Z
Storage Type    inmem
Cluster Name    vault-cluster-2a975cdf
Cluster ID      e7f1026e-5728-5a4f-6032-d5f027344e05
HA Enabled      false
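
The status table above carries the same traits the dev-mode warning describes: in-memory storage, a single unseal key, and a plain-HTTP address. The script below is an added example, not part of the original tutorial, that flags those traits from `vault status` text; the function name `dev_mode_findings`, the finding labels and the second sample are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag dev-mode traits in `vault status` table output.
# Live use (assumes VAULT_ADDR is exported as in the tutorial):
#   vault status | dev_mode_findings "$VAULT_ADDR"

# Trimmed from the `vault status` output shown in this tutorial.
SAMPLE_DEV_STATUS='Key             Value
---             -----
Seal Type       shamir
Sealed          false
Total Shares    1
Threshold       1
Storage Type    inmem'

# Constructed sample of a non-dev server, for contrast.
SAMPLE_PROD_STATUS='Key             Value
---             -----
Seal Type       shamir
Sealed          false
Total Shares    5
Threshold       3
Storage Type    raft'

# Reads status text on stdin, takes the server address as $1,
# and prints one finding per line (nothing if no trait matches).
dev_mode_findings() {
  case "$1" in
    http://*) echo "addr-not-tls: $1" ;;
  esac
  awk '
    # Keys may contain spaces, so the value is always the last field.
    /^Storage Type/ && $NF == "inmem" { print "storage-inmem: secrets live only in memory" }
    /^Total Shares/ { shares = $NF + 0 }
    /^Threshold/    { threshold = $NF + 0 }
    END {
      if (shares == 1 && threshold == 1)
        print "single-unseal-key: shares=1 threshold=1"
    }'
}

echo "== dev sample =="
printf '%s\n' "$SAMPLE_DEV_STATUS" | dev_mode_findings "http://127.0.0.1:8200"
echo "== constructed non-dev sample =="
printf '%s\n' "$SAMPLE_PROD_STATUS" | dev_mode_findings "https://vault.example.internal:8200"
```

Any finding printed for a server that is meant to hold real secrets means it is running with dev-mode settings.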

