Skip to main content

Quick Start

This quick start guide provides a comprehensive task listing to download, setup and use Securosys' Secret Engine plugin for HashiCorp Vault.

  1. Download and install Hashicorp Vault

  2. Download the Secrets Engine plugin from Securosys' jfrog repository:
    Login: robot.reader.hashicorpvault
    Password: REPLACE_ME_WITH_PASSWORD

  3. Add the plugin_directory parameter to config.hcl, if it does not already exit. For example: plugin_directory=/home/test/vault/plugins

  4. Copy the appropriate plugin binary to the plugin directory.

  5. Run the command
    $ vault plugin register -sha256={binary_checksum} secret securosys-hsm
    where {binary_checksum} is checksum of the plugin binary

Binary checksum

The binary checksum is pre-generated and stored within each build version of this plugin.

  1. After successful registration, run command to enable the plugin
    $ vault secrets enable securosys-hsm

  2. The final step is to setup the configuration to connect with Transaction Security Broker (TSB). For example, using a Bearer Token:

$ vault write securosys-hsm/config 
auth="TOKEN"
bearertoken="jwt token string"
restapi="https://primusdev.cloudshsm.com"
tip

More examples of the plugin configuration can be found here: Configure the plugin

For more detailed instructions, please refer to: