DEV Community

Cover image for Aerospike as a Backend Storage for HashiCorp Vault
Eugene R. for Aerospike

Posted on

3 2

Aerospike as a Backend Storage for HashiCorp Vault

Vault 1.7.0 is released, and it includes my contribution to support the Aerospike database as backend storage. See the release notes for more details.

From now on, Aerospike users can store their sensitive data using Vault almost seamlessly.

I will not talk about the benefits of using Vault and will jump into the installation and configuration details right away.

Setup

First thing you’ll need is to install Vault if you haven’t done this yet.
Make sure that the Vault binary is available on the PATH. See this page for instructions on setting the PATH on Linux and Mac. This page contains instructions for setting the PATH on Windows.

Verify the installation worked by opening a new terminal session and checking that the vault binary is available.

$ vault version
Vault v1.7.0 (4e222b85c40a810b74400ee3c54449479e32bb9f)
Enter fullscreen mode Exit fullscreen mode

Configuration

Outside of development mode, Vault servers are configured using a file. The format of this file is HCL. Let’s configure our Aerospike cluster to be the Vault’s backend storage:

storage "aerospike" {
  hostname = "localhost"
  port = "3300"
  namespace = "test"
  set = "vault"
}

listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = 1
}
Enter fullscreen mode Exit fullscreen mode

You can find more information about the Aerospike backend configuration here.

To start the server:

vault server -config aerospike_backend.hcl
Enter fullscreen mode Exit fullscreen mode

The Vault server is up and running on the default 8200 port.

Now open a new terminal window and go through the guide to initialize the Vault server.
It is a little bit cumbersome with all those unseals and login, but you’ll figure it out.

After the successful login, we need to enable a version 1 kv store:

vault secrets enable -version=1 kv
Enter fullscreen mode Exit fullscreen mode

Usage

Now is the time to try things out.

$ vault kv put kv/my-secret my-value=s3cr3t
Success! Data written to: kv/my-secret

$ vault kv get kv/my-secret
====== Data ======
Key         Value
---         -----
my-value    s3cr3t
Enter fullscreen mode Exit fullscreen mode

Your first secret was successfully stored and retrieved from Aerospike using Vault!


In this short introduction blog post, we covered the setup of Vault using Aerospike as a storage backend.

The Aerospike backend supports both CE and EE and doesn’t expose all the configuration properties available. We will work to include those in future releases.

I hope you are excited about this new Vault capability. Please let us know if you encounter any issues using it.

Do your career a big favor. Join DEV. (The website you're on right now)

It takes one minute, it's free, and is worth it for your career.

Get started

Community matters

Top comments (0)

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

👋 Kindness is contagious

Discover a treasure trove of wisdom within this insightful piece, highly respected in the nurturing DEV Community enviroment. Developers, whether novice or expert, are encouraged to participate and add to our shared knowledge basin.

A simple "thank you" can illuminate someone's day. Express your appreciation in the comments section!

On DEV, sharing ideas smoothens our journey and strengthens our community ties. Learn something useful? Offering a quick thanks to the author is deeply appreciated.

Okay