This is a simple script that will install and configure a single Vault instance as well as SoftHSM2 on an Ubuntu VM.
A successful execution of the script should provide you with a Vault instance that auto-unseals using keys stored in a SoftHSM2 slot.
Please do not use this for production deployments. This is for lab/testing/demonstration purposes only.
- An x86_64 Ubuntu VM (VirtualBox, AWS, gcloud, etc) - Testing was done on Jammy Jellyfish - see the tf folder for a sandbox
- Bash shell
- Vault Enterprise License (HSM support is only available for Vault Enterprise)
- Vault 1.17.1 Enterprise HSM now supports ARM. See tf_arm for an ARM sandbox based on Noble Numbat
$ git clone https://github.com/kwagga/Vault_SoftHSM2.git
$ cd Vault_SoftHSM2
- Populate vault.hclic with your license.
$ chmod +x setup.sh
$ ./setup.sh
Vault Recovery keys and root token will be available in ~/unseal.keys
See demo_commands.md for more information.