Vault

By Vault charmers
Security

Architecture:

Base version:

Channel	Revision	Published	Runs on
latest/edge	383	23 Aug 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	367	25 Jul 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	364	23 Jul 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	363	23 Jul 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	336	20 Jun 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	335	20 Jun 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	334	20 Jun 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	333	20 Jun 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	332	20 Jun 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	331	20 Jun 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	330	20 Jun 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	329	20 Jun 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	220	20 Jan 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	216	19 Jan 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	214	19 Jan 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	213	19 Jan 2024	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	109	18 Apr 2023	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
latest/edge	79	02 Aug 2022	Ubuntu 24.04 Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.10 Ubuntu 22.04 Ubuntu 20.04
1.8/stable	372	26 Jul 2024	Ubuntu 22.04
1.8/edge	164	09 Aug 2023	Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04
1.8/edge	162	09 Aug 2023	Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04
1.8/edge	161	09 Aug 2023	Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04
1.8/edge	159	09 Aug 2023	Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04
1.8/edge	157	09 Aug 2023	Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04
1.8/edge	156	09 Aug 2023	Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04
1.8/edge	155	09 Aug 2023	Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04
1.8/edge	154	09 Aug 2023	Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04
1.8/edge	140	07 Aug 2023	Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04
1.8/edge	138	04 Aug 2023	Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04
1.8/edge	135	04 Aug 2023	Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04
1.8/edge	131	04 Aug 2023	Ubuntu 23.10 Ubuntu 23.04 Ubuntu 22.04
1.16/stable	387	12 Sep 2024	Ubuntu 22.04
1.16/candidate	387	12 Sep 2024	Ubuntu 22.04
1.16/beta	387	12 Sep 2024	Ubuntu 22.04
1.16/edge	388	Yesterday	Ubuntu 22.04
1.15/stable	357	24 Jul 2024	Ubuntu 22.04
1.15/candidate	357	24 Jul 2024	Ubuntu 22.04
1.15/beta	357	24 Jul 2024	Ubuntu 22.04
1.15/edge	376	31 Jul 2024	Ubuntu 22.04
1.7/stable	371	26 Jul 2024	Ubuntu 22.04 Ubuntu 20.04
1.6/stable	369	26 Jul 2024	Ubuntu 20.04 Ubuntu 18.04
1.5/stable	370	26 Jul 2024	Ubuntu 20.04 Ubuntu 18.04

Learn to deploy on juju >

Platform:

24.04 23.10 23.04 22.10 22.04 20.04 18.04

Relevant links

Discuss this charm

Share your thoughts on this charm with the community on discourse.

Join the discussion

Scale

The Vault charm uses the raft backend to scale. This guide walks you through scaling Vault.

Pre-requisites:

Vault is initialised and unseal
The Vault charm is authorised

1. Validate that Vault is an active state

Run juju status:

Model  Controller           Cloud/Region         Version  SLA          Timestamp
demo   localhost-localhost  localhost/localhost  3.4.0    unsupported  12:11:19-04:00

App    Version  Status  Scale  Charm  Channel    Rev  Exposed  Message
vault           active      1  vault  1.15/beta  257  no       

Unit      Workload  Agent  Machine  Public address  Ports  Message
vault/0*  active    idle   0        10.191.126.116         

Machine  State    Address         Inst id        Base          AZ  Message
0        started  10.191.126.116  juju-b8368f-0  ubuntu@22.04      Running

2. Scale Vault to 3 units

Add 2 more units:

juju add-unit vault -n 2

The new units will be sealed:

Model  Controller           Cloud/Region         Version  SLA          Timestamp
demo   localhost-localhost  localhost/localhost  3.4.0    unsupported  12:19:14-04:00

App    Version  Status   Scale  Charm  Channel    Rev  Exposed  Message
vault           blocked      3  vault  1.15/beta  257  no       Waiting for Vault to be unsealed

Unit      Workload  Agent  Machine  Public address  Ports  Message
vault/0*  active    idle   0        10.191.126.116         
vault/1   blocked   idle   1        10.191.126.151         Waiting for Vault to be unsealed
vault/2   blocked   idle   2        10.191.126.90          Waiting for Vault to be unsealed

Machine  State    Address         Inst id        Base          AZ  Message
0        started  10.191.126.116  juju-b8368f-0  ubuntu@22.04      Running
1        started  10.191.126.151  juju-b8368f-1  ubuntu@22.04      Running
2        started  10.191.126.90   juju-b8368f-2  ubuntu@22.04      Running

Set the VAULT_ADDR variable to the vault/1 unit:

export VAULT_ADDR=https://$(juju status vault/1 --format=yaml | awk '/public-address/ { print $2 }'):8200; echo $VAULT_ADDR

Unseal the the vault/1 unit using the same unseal keys as received during the initialization of the Vault leader:

vault operator unseal EJoB62t286mjUpSQYZg3mOla3lz/bbElVL5OLnj+rpE=

And complete the same operations for the vault/2 unit:

export VAULT_ADDR=https://$(juju status vault/2 --format=yaml | awk '/public-address/ { print $2 }'):8200; echo $VAULT_ADDR
vault operator unseal EJoB62t286mjUpSQYZg3mOla3lz/bbElVL5OLnj+rpE=

3. Validate that all units are part of the cluster

All units should go to the Active/Idle Juju status:

$ juju status
Model  Controller           Cloud/Region         Version  SLA          Timestamp
demo   localhost-localhost  localhost/localhost  3.4.0    unsupported  12:24:32-04:00

App    Version  Status  Scale  Charm  Channel    Rev  Exposed  Message
vault           active      3  vault  1.15/beta  257  no       

Unit      Workload  Agent  Machine  Public address  Ports  Message
vault/0*  active    idle   0        10.191.126.116         
vault/1   active    idle   1        10.191.126.151         
vault/2   active    idle   2        10.191.126.90          

Machine  State    Address         Inst id        Base          AZ  Message
0        started  10.191.126.116  juju-b8368f-0  ubuntu@22.04      Running
1        started  10.191.126.151  juju-b8368f-1  ubuntu@22.04      Running
2        started  10.191.126.90   juju-b8368f-2  ubuntu@22.04      Running

And they should all be part of the raft cluster:

$ vault operator raft list-peers
Node            Address                State       Voter
----            -------                -----       -----
demo-vault/0    10.191.126.116:8201    leader      true
demo-vault/1    10.191.126.151:8201    follower    true
demo-vault/2    10.191.126.90:8201     follower    true

Help improve this document in the forum (guidelines). Last updated 5 months ago.