Vault
Run Vault as a service
Instead of starting your Vault server manually from the command line, you can configure a service to start Vault automatically.
Before you start
- You must install Vault. You can use a package manager or install a binary manually.
Step 1: Create a new service
Example tested on Ubuntu 22.04
The following service definition is a simpler version of the vault.service
example in the Vault GitHub repo: vault/.release/linux/package/usr/lib/systemd/system/vault.service
Set the
VAULT_CONFIG
environment variable to your Vault configuration directory. The default configuration directory is/etc/vault.d
:$ VAULT_CONFIG=/etc/vault.d
Confirm the path to your Vault binary:
$ VAULT_BINARY=$(which vault)
Create a
systemd
service calledvault.service
that uses the Vault binary:$ sudo tee /lib/systemd/system/vault.service <<EOF [Unit] Description="HashiCorp Vault" Documentation="https://developer.hashicorp.com/vault/docs" ConditionFileNotEmpty="${VAULT_CONFIG}/vault.hcl" [Service] User=vault Group=vault SecureBits=keep-caps AmbientCapabilities=CAP_IPC_LOCK CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK NoNewPrivileges=yes ExecStart=${VAULT_BINARY} server -config=${VAULT_CONFIG}/vault.hcl ExecReload=/bin/kill --signal HUP KillMode=process KillSignal=SIGINT [Install] WantedBy=multi-user.target EOF
Change the permissions on
/lib/systemd/system/vault.service
to644
:$ sudo chmod 644 /lib/systemd/system/vault.service
Step 2: Start the new service
Reload the
systemd
configuration:$ sudo systemctl daemon-reload
Start the Vault service:
$ sudo systemctl start vault.service
Verify the service status:
$ systemctl status vault.service vault.service - "HashiCorp Vault" Loaded: loaded (/lib/systemd/system/vault.service; disabled; vendor preset: enabled) Active: active (running) since Thu 2024-09-05 13:58:45 UTC; 4s ago Docs: https://developer.hashicorp.com/vault/docs Main PID: 3145 (vault) Tasks: 8 (limit: 2241) Memory: 23.6M CPU: 200ms CGroup: /system.slice/vault.service └─3145 /usr/bin/vault server -config=/etc/vault.d/vault.hcl
Step 3: Verify the service is running
To confirm the service is running and your Vault service is available, open the Vault GUI in a browser at the default address: http://localhost:8200
Related tutorials
The following tutorials provide additional guidance for installing Vault and production cluster deployment: