Tutorial: Setting up a Vault test instance


anjuna-tutorial-quick-vault-setup: Quickly setup a Vault instance for the purpose of going through the tutorial in Getting started.


$ anjuna-tutorial-quick-vault-setup [OPTIONS]...


The Anjuna Vault Generate Test Config utility quickly sets up a Vault configuration that can be used for learning about the Anjuna Vault Unseal tool. After running this tool, the following files will be created in the current directory:

  • config/vault_config.hcl : Vault configuration file (unencrypted, but no secrets yet)
  • config/vault_tls.crt    : Public TLS cert chain with wildcard host *.anjuna.test
  • config/vault_tls.key    : Private TLS key for server
  • config/ca.crt           : Public key of CA that signed server certificate
  • config/vault_unseal.yml : unencrypted Unsealvault configuration file which contains the root token, and the the unseal keys.

The generated files allow running Vault under a test configuration:

  • Filesystem Storage Backend
  • TLS enabled, running locally at https://vault.anjuna.test:8200 (unless the --port command line option specifies a different port)
  • Using three key shares to split the generated master key (instead of the Vault default 5)
  • Using a key threshold of 2 to reconstruct the master key (instead of the Vault default of 3)


--init              Create the Vault configuration files in the current directory.
                    This is the default option if no other command line options are
--start             Start the Vault instance using the existing configuration
--stop              Stops the Vault instance for the current configuration (if running)
--check             Check whether the Vault instance is running, and display the Vault
--clean             Remove the existing Vault configuration from the current directory
                    the path for the CA-CERT, and the unseal keys.
--help              Display this information and exit


This is a test configuration!

Do not use this configuration for any purpose but running through the steps of the tutorial.

When executed without any command line arguments, the utility will create a new configuration in the current directory. If an existing configuration exists, the utility will not overwrite the existing files.

To remove the existing configuration, the --clean command line parameter should be used.


  • 0 on success
  • 1 if an error occurred when creating a test Vault instance


$ anjuna-tutorial-quick-vault-setup --port 9080
$ anjuna-tutorial-quick-vault-setup --start
$ anjuna-tutorial-quick-vault-setup --check
$ anjuna-tutorial-quick-vault-setup --stop
$ anjuna-tutorial-quick-vault-setup --clean