Using Vault ensures that your Elasticsearch password will be encrypted in the database. If you do not use Vault, your Elasticsearch password will be saved as clear text.
Note: If you are using the basic dev mode of Vault, you must re-add the external servers with authentication or APIs each time you restart Vault.
- Install Vault.
- Open a command line interface and launch Vault using the following command:
vault server -dev -dev-root-token-id root
- Set the VAULT_ADDR environment variable:
export VAULT_ADDR='http://127.0.0.1:8200'
- Enable the transit secrets engine using the following command:
vault secrets enable transit
- Create an encryption key ring called rms using the following command:
vault write -f transit/keys/rms
- Create a policy named app-rms using the following command:
vault policy write app-rms -<<EOF
path "transit/encrypt/rms" {
  capabilities = [ "update" ]
}
path "transit/decrypt/rms" {
  capabilities = [ "update" ]
}
EOF
- Create a token with the app-rms policy attached using the following command:
vault token create -policy=app-rms
- Record the token value.
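
To confirm that the recorded token works and is limited to what the app-rms policy grants, the following added example (not part of the original procedure or the product's own code) checks the token's capabilities and performs an encrypt/decrypt round trip on the rms key. It assumes VAULT_ADDR is exported as above and VAULT_TOKEN holds the recorded token; the function names, the `--run` switch and the choice of `sys/mounts` as a path that should be denied are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the product's code. Assumes VAULT_ADDR is exported and
# VAULT_TOKEN holds the app-rms token recorded in the last step.

# Transit ciphertext has the form vault:v<key version>:<base64 payload>.
is_transit_ciphertext() {
  case "$1" in vault:v*:*) ;; *) return 1 ;; esac
  rest=${1#vault:v}; ver=${rest%%:*}; payload=${rest#*:}
  case "$ver" in ''|*[!0-9]*) return 1 ;; esac
  [ -n "$payload" ]
}

# Capability the app-rms policy should yield for a given path.
expected_cap() {
  case "$1" in
    transit/encrypt/rms|transit/decrypt/rms) echo update ;;
    *) echo deny ;;
  esac
}

verify_app_rms() {
  rc=0
  # Least privilege: only encrypt/decrypt on rms; key management stays denied.
  for path in transit/encrypt/rms transit/decrypt/rms transit/keys/rms sys/mounts; do
    got=$(vault token capabilities "$path") || return 1
    if [ "$got" = "$(expected_cap "$path")" ]; then
      echo "ok   $path: $got"
    else
      echo "FAIL $path: got '$got', want '$(expected_cap "$path")'"; rc=1
    fi
  done
  # Round trip with a constructed sample value (transit takes base64 plaintext).
  pt=$(printf '%s' 'constructed-sample-secret' | base64)
  ct=$(vault write -field=ciphertext transit/encrypt/rms plaintext="$pt") || return 1
  is_transit_ciphertext "$ct" || { echo "FAIL unexpected ciphertext format"; rc=1; }
  back=$(vault write -field=plaintext transit/decrypt/rms ciphertext="$ct") || return 1
  [ "$back" = "$pt" ] || { echo "FAIL decrypt did not return the plaintext"; rc=1; }
  return "$rc"
}

# "--run" is this script's own (hypothetical) switch, not a Vault flag.
if [ "${1:-}" = "--run" ]; then verify_app_rms; else echo "usage: $0 --run"; fi
```

A FAIL line on `transit/keys/rms` or `sys/mounts` means the token carries more than the app-rms policy, for example because the root token was exported instead.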