Skip to main content

Aerospike as a Backend Storage for HashiCorp Vault

· 3 min read
Yevgeny Rizhkov

A quick introduction from installation to insights

Vault 1.7.0 is released, and it includes my contribution to support the Aerospike database as backend storage. See the release notes for more details.

From now on, Aerospike users can store their sensitive data using Vault almost seamlessly.

I will not talk about the benefits of using Vault and will jump into the installation and configuration details right away.

Setup

First thing you’ll need is to install Vault if you haven’t done this yet.

Make sure that the Vault binary is available on the PATH. See this page for instructions on setting the PATH on Linux and Mac. This page contains instructions for setting the PATH on Windows.

Verify the installation worked by opening a new terminal session and checking that the vault binary is available.

$ vault version Vault v1.7.0 (4e222b85c40a810b74400ee3c54449479e32bb9f)

Configuration

Outside of development mode, Vault servers are configured using a file. The format of this file is HCL. Let’s configure our Aerospike cluster to be the Vault’s backend storage:

storage “aerospike” { hostname = “localhost” port = “3300” namespace = “test” set = “vault” } listener “tcp” { address = “127.0.0.1:8200” tls_disable = 1 }

You can find more information about the Aerospike backend configuration here.

To start the server:

vault server -config aerospike_backend.hcl

The Vault server is up and running on the default 8200 port.

Now open a new terminal window and go through the guide to initialize the Vault server.

It is a little bit cumbersome with all those unseals and login, but you’ll figure it out.

After the successful login, we need to enable a version 1 kv store:

vault secrets enable -version=1 kv

Usage

Now is the time to try things out.

$ vault kv put kv/my-secret my-value=s3cr3t Success! Data written to: kv/my-secret $ vault kv get kv/my-secret ====== Data ====== Key Value — — — — - my-value s3cr3t

Your first secret was successfully stored and retrieved from Aerospike using Vault!

In this short introduction blog post, we covered the setup of Vault using Aerospike as a storage backend.

The Aerospike backend supports both CE and EE and doesn’t expose all the configuration properties available. We will work to include those in future releases.

I hope you are excited about this new Vault capability. Please let us know if you encounter any issues using it.