
Using HashiCorp Vault to Secure Your Local Credentials



⚠️ Disclaimer: This guide is for macOS only. I’m using a MacBook Air so I won’t be able to cover Windows or Linux steps. Also, this Vault setup is meant for local/dev use only — not for production.

What Is Vault & Why Use It?

HashiCorp Vault is like a digital safe for storing secrets — think passwords, API keys, tokens, or anything sensitive. Instead of keeping those values in .env files or plaintext notes, Vault encrypts and protects them.

With just a few commands, you can set up your Mac to behave like a personal Vault server.

What You’ll Need

  • Mac with Homebrew installed
  • Internet connection
  • Terminal access
  • Patience (don’t worry — I’ll guide you!)

Step-by-Step: Setting Up Vault Locally on macOS

1. Install Vault Using Homebrew

# Install Vault
brew tap hashicorp/tap
brew install hashicorp/tap/vault

# Verify Vault Installation
vault -version

2. Locate Vault Installation

# Change to the directory where Homebrew installs packages
cd "$(brew --prefix)"

# Run ls command to look for installation of Vault
ls

On my machine, Vault was installed under:

/usr/local/opt/vault

3. Create the Vault Configuration File

Create the configuration file:

nano /usr/local/etc/vault.hcl

Paste this configuration:

ui = true
disable_mlock = true
api_addr = "http://127.0.0.1:8200"

storage "file" {
  path = "/usr/local/var/vault/data"
}

listener "tcp" {
  address = "127.0.0.1:8200"
  tls_disable = 1
}

audit {
  file_path = "/usr/local/var/log/vault_audit.log"
  log_raw = false
}

  • ui = true gives us a web interface
  • disable_mlock = true is needed on macOS
  • audit lets you log who accesses what
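
A pre-start check for the listener stanza above, as an added example that is not part of the original post: with tls_disable = 1 the API carries tokens and secrets in plaintext, so the listener has to stay on loopback. The function name check_vault_listener and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: refuse to start Vault when a TLS-less listener is not on loopback.
# check_vault_listener FILE -> exit 0 if safe, 1 if a plaintext listener is exposed.
check_vault_listener() {
  awk '
    /^[ \t]*#/ { next }                               # ignore comment lines
    /^[ \t]*listener[ \t]/ { in_l = 1; addr = ""; notls = 0; next }
    in_l && /address[ \t]*=/ && !/cluster_address/ {
      split($0, q, "\""); addr = q[2]                 # text between the quotes
    }
    in_l && /tls_disable[ \t]*=/ {
      v = $0; sub(/.*=[ \t]*/, "", v); gsub(/[" \t]/, "", v)
      notls = (v == "1" || v == "true")
    }
    in_l && /^[ \t]*[}]/ {                            # end of listener stanza
      host = (addr == "" ? "127.0.0.1" : addr)        # Vault default bind address
      sub(/:[0-9]+$/, "", host)
      if (notls && host != "127.0.0.1" && host != "localhost" && host != "[::1]") {
        print "plaintext listener exposed on " addr; bad = 1
      }
      in_l = 0
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample configs: the listener from this post, and the same one on all interfaces.
demo_dir=$(mktemp -d)
printf 'listener "tcp" {\naddress = "127.0.0.1:8200"\ntls_disable = 1\n}\n' > "$demo_dir/local.hcl"
printf 'listener "tcp" {\naddress = "0.0.0.0:8200"\ntls_disable = 1\n}\n'   > "$demo_dir/exposed.hcl"

check_vault_listener "$demo_dir/local.hcl"   && echo "local.hcl: ok"
check_vault_listener "$demo_dir/exposed.hcl" || echo "exposed.hcl: rejected"
```

Run it against /usr/local/etc/vault.hcl before starting the service; a non-zero exit means the config should not be used as-is.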

4. Modify Vault’s plist File (Startup Settings)

Modify this file:

nano /usr/local/opt/vault/homebrew.mxcl.vault.plist

Replace:

<string>-dev</string>

With:

<string>-config</string>
<string>/usr/local/etc/vault.hcl</string>

5. (Optional) One-Liner to Patch It Automatically

If you’re comfortable with Terminal, you can patch it like this:

pl="$(brew --prefix)/opt/vault/homebrew.mxcl.hashicorp~tap~vault.plist"
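# Swap the single -dev argument for two arguments: -config and the config file path
sed -i '' 's|<string>-dev</string>|<string>-config</string><string>/usr/local/etc/vault.hcl</string>|' "$pl"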

6. Add Vault Address to Your Shell Config

Append this line to ~/.bash_profile (or .zshrc if you use zsh):

export VAULT_ADDR='http://127.0.0.1:8200'

Then apply the change:

source ~/.bash_profile

7. Start Vault as a Background Service

brew services start hashicorp/tap/vault

8. Check Vault Status

vault status

Expected output:

Initialized: false
Sealed: true
...

9. Initialize the Vault

This command sets up your Vault:

vault operator init -key-shares=1 -key-threshold=1

You’ll get two important values:

  • Unseal Key
  • Initial Root Token

Save these somewhere safe! If you lose them, you can’t access your Vault.

10. Log In via Vault Web UI

Open your browser and go to http://127.0.0.1:8200/ui. Vault should show its unseal screen.

Steps:

  1. Enter your Unseal Key
  2. Click Unseal
  3. Use your Root Token to sign in

After a successful sign-in, you should see the Vault UI.

Try Saving a Secret

Once you’re logged in:

  1. Click on Secrets Engine
  2. Enable a new Key/Value (KV) engine if one is not yet enabled
  3. Under Secrets Engine you should see kv/; click on it
  4. Create a secret such as myapi/key, add the fields for the secret, then click Save

Try Viewing a Secret

  1. Navigate back to the kv/ list
  2. Click on your created secret

Congratulations! You’re Now Using Vault

You’ve turned your Mac into your own secret vault. From here, you can:

  • Store personal tokens and credentials safely
  • Use CLI or Web UI to access or modify secrets
  • Log access events with audit logs
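
The CLI route from the list above, as an added example that is not part of the original post: rather than copying a value out of Vault into a .env file, fetch it at launch and hand it only to the process that needs it. It assumes VAULT_ADDR is set as in step 6, you have authenticated with vault login, and the kv/ mount and myapi/key secret from earlier exist; the field name api_key, the variable name MYAPI_KEY and the function name with_vault_secret are hypothetical.

```shell
#!/bin/sh
# with_vault_secret VAR PATH FIELD CMD [ARGS...]
# Reads one field from Vault and exposes it as $VAR to CMD only.
# The body runs in a subshell, so nothing is written to disk and no
# variable (exported or not) is left behind in the calling shell.
with_vault_secret() (
  [ "$#" -ge 4 ] || { echo "usage: with_vault_secret VAR PATH FIELD CMD..." >&2; exit 2; }
  var=$1; path=$2; field=$3; shift 3

  # Only accept a well-formed environment variable name.
  case $var in
    ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid variable name: $var" >&2; exit 2 ;;
  esac

  # Fail closed: a sealed Vault, an expired token or a missing field aborts the launch.
  value=$(vault kv get -field="$field" "$path") || {
    echo "could not read $field from $path" >&2; exit 1; }
  [ -n "$value" ] || { echo "empty value for $field" >&2; exit 1; }

  # export + exec keeps the secret out of any command line visible in ps.
  export "$var=$value"
  exec "$@"
)

# Usage (hypothetical field and script names):
#   with_vault_secret MYAPI_KEY kv/myapi/key api_key ./call_api.sh
```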

For more detailed documentation of Vault, you may visit https://developer.hashicorp.com/vault.
