
Installing Secrets Engine plugin

1. Install HashiCorp Vault

Install HashiCorp Vault:

2. Register the plugin

Add the following parameter to the Vault configuration file config.hcl:

  • plugin_directory - the absolute path to the directory where the plugin binaries are stored

Use the following command to register the plugin:

$ vault plugin register -sha256={binary_checksum} secret securosys-hsm

3. Enable the plugin

After building the plugin, enable it with the following command before running it on the test server:

$ vault secrets enable securosys-hsm

The result should be:

Success! Enabled the securosys-hsm secrets engine at: securosys-hsm/

4. Upgrade the plugin

To upgrade a binary of an existing working plugin, follow these steps:

  1. Copy the new plugin binary to the plugin_directory.

  2. Register a new version of the plugin.

    $ vault plugin register -sha256={binary_checksum} -version={new-version} secret securosys-hsm

  3. Tune the existing mount to reconfigure it to use the newly registered version.

    $ vault secrets tune -plugin-version={new-version} securosys-hsm

  4. Reload the plugin.

    $ vault plugin reload -plugin securosys-hsm
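
Steps 2 and 4 both pass -sha256={binary_checksum} without showing where the value comes from. The script below is an added example, not part of the original page and not Securosys or HashiCorp code: it hashes the binary, compares the digest with an expected value obtained out of band, and prints the register command only on a match. The script name, the example path and the source of the expected digest are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Assumptions: the plugin binary is passed by path, and the
# expected digest was obtained out of band (for example from release notes).

# Print the lowercase hex SHA-256 of a file.
plugin_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Print the "vault plugin register" command for a verified binary.
# usage: register_cmd <binary> <expected_sha256> [version]
# returns 0 on match, 1 on checksum mismatch, 2 if the path is unusable.
register_cmd() {
  local bin="$1" expected="$2" version="${3:-}" actual
  # Refuse symlinks: the target could change after the digest was checked.
  if [ -L "$bin" ] || [ ! -f "$bin" ]; then
    echo "refusing: $bin is not a regular file" >&2
    return 2
  fi
  actual=$(plugin_sha256 "$bin") || return 2
  # Accept an expected digest written in upper-case hex.
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  if [ "$actual" != "$expected" ]; then
    echo "refusing: checksum mismatch for $bin" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
  fi
  # Same command shape as steps 2 and 4; -version is added only when given.
  printf 'vault plugin register -sha256=%s %ssecret securosys-hsm\n' \
    "$actual" "${version:+-version=$version }"
}

# Run only when called with arguments, e.g. (hypothetical path and version):
#   ./register-check.sh /etc/vault/plugins/securosys-hsm <expected_sha256> v1.2.3
if [ "$#" -ge 2 ]; then
  register_cmd "$@"
fi
```

Run it against the file inside plugin_directory, not a copy elsewhere, so the digest registered in the catalog is the digest of the binary Vault will execute.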