Bossy Lobster

A blog by Danny Hermes; musing on tech, mathematics, etc.

Edit on GitHub

Running vault Locally

In order to run vault locally (I did this because I was on an airplane), first start the server with a known root token

export VAULT_TOKEN=root VAULT_ADDR=http://localhost:8200
vault server -dev -dev-root-token-id="${VAULT_TOKEN}"

vault version  # As a baseline, this is the version of `vault` I am using
# Vault v1.4.2 ('18f1c494be8b06788c2fdda1a4296eb3c4b174ce+CHANGES')

then replace the secrets engine with KVv1 (which is what we use at Blend at the time of this writing)

vault secrets disable secret
vault secrets enable -path=secret -version=1 kv

and finally seed any secrets that we'll use, for example

vault write \
  secret/dev/service/deployment/cheese/default/BOARD_CREDENTIALS \
  [email protected]:s33krit


If you don't have vault installed or want to avoid forgetting that you've got a vault server running, you can use docker.

docker run \
  --rm \
  --interactive --tty \
  --name vault-dev-server \
  --publish 8200:8200 \
  --cap-add IPC_LOCK \
  --env VAULT_DEV_ROOT_TOKEN_ID=root \

and then the same commands can be run to put it in KVv1 mode.