DEV Community

Cover image for Aerospike as a Backend Storage for HashiCorp Vault
Eugene R. for Aerospike

Posted on

Aerospike as a Backend Storage for HashiCorp Vault

Vault 1.7.0 is released, and it includes my contribution to support the Aerospike database as backend storage. See the release notes for more details.

From now on, Aerospike users can store their sensitive data using Vault almost seamlessly.

I will not talk about the benefits of using Vault and will jump into the installation and configuration details right away.

Setup

First thing you’ll need is to install Vault if you haven’t done this yet.
Make sure that the Vault binary is available on the PATH. See this page for instructions on setting the PATH on Linux and Mac. This page contains instructions for setting the PATH on Windows.

Verify the installation worked by opening a new terminal session and checking that the vault binary is available.

$ vault version
Vault v1.7.0 (4e222b85c40a810b74400ee3c54449479e32bb9f)
Enter fullscreen mode Exit fullscreen mode

Configuration

Outside of development mode, Vault servers are configured using a file. The format of this file is HCL. Let’s configure our Aerospike cluster to be the Vault’s backend storage:

storage "aerospike" {
  hostname = "localhost"
  port = "3300"
  namespace = "test"
  set = "vault"
}

listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = 1
}
Enter fullscreen mode Exit fullscreen mode

You can find more information about the Aerospike backend configuration here.

To start the server:

vault server -config aerospike_backend.hcl
Enter fullscreen mode Exit fullscreen mode

The Vault server is up and running on the default 8200 port.

Now open a new terminal window and go through the guide to initialize the Vault server.
It is a little bit cumbersome with all those unseals and login, but you’ll figure it out.

After the successful login, we need to enable a version 1 kv store:

vault secrets enable -version=1 kv
Enter fullscreen mode Exit fullscreen mode

Usage

Now is the time to try things out.

$ vault kv put kv/my-secret my-value=s3cr3t
Success! Data written to: kv/my-secret

$ vault kv get kv/my-secret
====== Data ======
Key         Value
---         -----
my-value    s3cr3t
Enter fullscreen mode Exit fullscreen mode

Your first secret was successfully stored and retrieved from Aerospike using Vault!


In this short introduction blog post, we covered the setup of Vault using Aerospike as a storage backend.

The Aerospike backend supports both CE and EE and doesn’t expose all the configuration properties available. We will work to include those in future releases.

I hope you are excited about this new Vault capability. Please let us know if you encounter any issues using it.

Top comments (0)