Reputation: 1328
How to connect to remote hashicorp vault server
Let me explain my use-case here,
I wanted to give a try to vault in my local, so I configured VAULT_ADDR as:
$ echo $VAULT_ADDR
http://127.0.0.1:8200
then I started vault in dev mode (vault server -dev) and everything was ok, I was able to connect to the server.
Then I wrote a really simple config file:
$ cat vault.config
backend "inmem" {}
listener "tcp" {
address = "127.0.0.1:8200"
tls_disable = 1
}
disable_mlock = true
and I restarted the server with vault server -config=vault.config, This too worked fine.
Now I want to use vault server which is deployed in remote server (aws ec2 instance). I have changed content my config file to below
backend "inmem" {}
listener "tcp" {
address = "123.456.789.1:8200" (aws ec2 public ip)
tls_disable = 1
}
disable_mlock = true
now this is throwing error
Error checking seal status: Get "http://123.456.789.1:8200/v1/sys/seal-status": dial tcp 123.456.789.1:8200: connect: connection refused'
when i am trying to check connectivity using telnet command, that too failed.
telnet 123.456.789.1 8200
telnet: Unable to connect to remote host: Connection refused
I have opened 8200 port in security group of aws, and both instances are in same vpc. What I am missing here? Any help?
Upvotes: 3
Views: 9421
Answers (2)
Reputation: 41
I had the same problem I was trying to reach my remote vault server this helps me https://stackoverflow.com/a/67218570/19887897
You just have to start your server like this
vault server -dev -dev-listen-address="0.0.0.0:8200"
Upvotes: 2
Reputation: 1328
I was able to figure out solution for above issue. Basically I executed below steps.
- First I started vault server in above machine ( '123.456.XXX.X' ) by below command
vault server -dev -dev-listen-address="123.456.789.1:8200"
here 123.456.789.1 --> This is private IP of my ec2 instance, where my vault server is running.
- Next, In my source machine (the one from which i am invoking vault server in 123.456.XXX.X ), I set below parameters
export VAULT_ADDR='http://123.456.789.1:8200'
export VAULT_TOKEN='*****************'
- Now when I am trying to do telnet to 123.456.XXX.X server, it is working as expected
telnet 123.456.789.1 8200
output
Trying 123.456.789.1...
Connected to 123.456.789.1.
Escape character is '^]'.
Upvotes: 4
Related Questions
- How to login HashiCorp Vault using curl command
- How to connect vault CLI to Vault Cluster installed on k8s?
- How to start Hashocorp vault as a Service and access from another EC2 instance?
- Can't connect to Vault web ui
- login unauthorized error whle connecting to external hashicorp vault with kubernetes service account
- HashiCorp Vault on AWS Quickstart: how to connect to vault through bastion from localhost?
- Hashicorp-vault userpass authentication
- vault for kubernetes (vault-operator)
- How to use Hashicorp Vault like login to web site
- How do I set up username/password authentication with Hashicorp Vault