Create a Vault cluster on HCP
HashiCorp Cloud Platform (HCP) Vault enables you to quickly deploy a Vault Enterprise cluster in a supported public cloud provider. As a fully managed service, it allows you to use Vault as a central secret management service while offloading the operational burden to the Site Reliability Engineering (SRE) experts at HashiCorp.
Previous experience with Vault and Vault Enterprise is not required to deploy a Vault cluster in HCP.
In this tutorial, you will deploy a Vault Enterprise cluster guided by the HCP portal.
Prerequisites
- Access to an HCP account.
Create a Vault cluster
Note
This tutorial assumes you have not previously created HashiCorp Virtual Network (HVN) in your HashiCorp Cloud Platform account.
Launch the HCP Portal and login.
If you have logged in before, the portal opens the last project you were in. Navigate back to the organization level from the breadcrumbs, or click on the HashiCorp icon at the top-left to choose other organization.
Click on the HashiCorp icon to list your organizations, and select the organization to create an HCP Vault Dedicated cluster in.
HashiCorp Cloud Platform (HCP) provides your account with an organization. Your account may invite others to join your organization or you may be invited to join other organizations.
Click Projects, and select the target project.
- Click + Create project.
- Enter the Project name and Project description.
- Click Create project to complete.
You can use projects to separate access within an organization, such as by team, use cases, or environment (e.g. development, staging, production, etc.).
From the Overview page, click Get started with Vault.
From the Vault overview page you have the option to deploy Vault Dedicated using a Quick Deploy Template which deploys Vault with a sample configuration or you can choose to Start from scratch which deploys a standard Vault instance with no existing configuration.
For the purposes of these tutorials and learning about Vault, click the Create cluster button under Start from scratch.
Select your preferred cloud provider.
Click the Vault tier pull down menu and select Development.
Tip
The development tier should not be used for production workloads.
Click the Cluster size pull down menu and select Extra Small.
For the development tier, Extra Small is the only available cluster size.
Under the Network section, accept or edit the Network ID, Region selection, and CIDR block for the HVN.
Note
You can learn how to connect to a private Vault Dedicated cluster on AWS in the Connect an Amazon Transit Gateway to your HashiCorp Virtual Network or Peering an AWS VPC with HashiCorp Cloud Platform (HCP) tutorials, or the Peering an Azure Virtual Network with HashiCorp Cloud Platform (HCP) tutorial for Azure.
Under the Basics section, accept or edit the default Cluster ID (
vault-cluster
).Under Templates, select Start from scratch. Templates provide sample configurations for various use cases.
Click Create cluster.
Wait for the cluster to initialize before proceeding.
After the cluster is created, refresh the page.
Click Cluster networking. The cluster networking page allows you to configure whether the cluster is configured for public or private access.
By default, all development tier clusters are configured for public access and all production tier clusters are configured for private access.
The IP Allow list allows you to add specific IP addresses or CIDR ranges that will be permitted to access the Vault Dedicated clusters public endpoint (if public access is enabled).
You can also enable or disable the HCP Proxy. The proxy allows you to access the Vault user interface when private access is enabled.
Click Overview to return to the Vault cluster overview page.
Vault cluster overview
The Vault page displays the created Vault cluster. Within that view, the Overview page displays information to help you learn about Vault Dedicated, Vault configuration, Vault usage, and cluster details. The Access Vault pane contains details that enable you to administer the Vault cluster through the Web UI or command-line interface (CLI).
Note
The cluster is created with a top-level Namespace called
admin
. Namespaces
enable you to create isolated Vault environments. Refer to the
HCP Vault Dedicated namespace considerations
tutorial
to learn more.
Review the Cluster Details pane. Cluster details provide helpful information about your Vault Dedicated cluster.
Review the Quick actions pane. The Quick actions pane provides details for accessing your new Vault Dedicated cluster. You can use the Cluster URLs links to Copy the public or private addresses, and use the Generate token link to generate a new admin token to perform the initial configuration of the Vault Dedicated cluster.