This assumes you have installed the Hashicorp vault. After a clean install of the vault, the easiest way to start the vault is with the vault server -dev command. The -dev flag is used to start the development server, just for testing purposes.

vault server -dev &

The vault status command can be used to ensure the vault is up and running.

vault status

By default, the vault will be bound to the localhost interface at 127.0.0.1 on port 8200. With this binding, you will only be able to interact with the vault locally, meaning you will not be able to connect to the vault from other systems in your network.

To be able to connect to the vault from other systems in your network, create the config.hcl file. In the config.hcl file, instead of using 127.0.0.1, use the hostname or IP address of your system running the vault service.

storage "raft" {
  path    = "./vault/data"
  node_id = "node1"
}

listener "tcp" {
  address     = "vault.example.com:8200"
  tls_disable = "true"
}

path "secret/data/*" {
  capabilities = ["list", "read", "create", "update", "delete"]
}

api_addr = "http://vault.example.com:8200"
cluster_addr = "https://vault.example.com:8201"
ui = true

Create the hidden ./vault/data directory.

mkdir --parents ./vault/data

Add the following to the users /home/username/.bash_profile file.

export VAULT_ADDR='http://<hostname or IP address>:<port>'

And then start the vault using the config.hcl file.

vault server -config=config.hcl &

If this is your very first time starting the vault, initialize the vault.

vault operator init

Use the vault status command to determine if the vault is sealed our unsealed. If the vault is sealed, and you want to unseal the vault, refer to unsealing the vault.

~]# vault status
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          true
Total Shares    5
Threshold       3
Unseal Progress 0/3
Unseal Nonce    n/a
Version         1.8.1
Storage Type    raft
HA Enabled      true