Configure Piiano Vault to use TLS
Learn how to configure Piiano Vault to use the Transport Layer Security (TLS) cryptographic protocol to protect data in motion
If you're using the hosted version of Vault, TLS is implemented by default.
To configure Dev edition or the Server edition to use TLS (and listen as HTTPS), use one of these options:
Set the environment variable PVAULT_TLS_ENABLE to 1, set PVAULT_TLS_CERT_FILE to the TLS certificate location, and PVAULT_TLS_KEY_FILE to the private key location. For example, if running Vault Dev, add these flags to the docker run command:

-v $(pwd):/certs \
-e PVAULT_TLS_ENABLE=1 \
-e PVAULT_TLS_CERT_FILE=/certs/pvault.crt \
-e PVAULT_TLS_KEY_FILE=/certs/pvault.key \

Tip: You can generate the key and self-signed certificate files with this command:

openssl req -newkey rsa:2048 -keyout pvault.key -x509 -days 365 -out pvault.crt -subj "/CN=localhost/O=Piiano"

Set the environment variable PVAULT_TLS_SELFSIGNED to true to instruct Vault to generate and use a self-signed certificate that is valid for 1 year. The default toolchains do not trust this certificate. To accept the certificate, configure the client to allow insecure connections (for example, by running curl -k when using cURL).
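
Before mounting your own files for the first option, it helps to confirm that the certificate and key belong together and that the certificate is not about to expire. The script below is an added example, not part of Piiano's documentation; the function names, the script name, the `-nodes` flag and the 30-day threshold are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Piiano's code): pre-flight checks for the files given to
# PVAULT_TLS_CERT_FILE and PVAULT_TLS_KEY_FILE. Function names are hypothetical.

# Create a throwaway pair in <dir> with the page's openssl command.
# Assumption: -nodes is added so the key is written without a passphrase prompt.
make_dev_pair() {  # usage: make_dev_pair <dir>
  openssl req -newkey rsa:2048 -nodes -keyout "$1/pvault.key" -x509 -days 365 \
    -out "$1/pvault.crt" -subj "/CN=localhost/O=Piiano" 2>/dev/null
}

# Succeed only if the certificate and the private key carry the same public key.
pair_matches() {  # usage: pair_matches <cert.pem> <key.pem>
  local from_cert from_key
  from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  from_key=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Succeed only if the certificate is still valid <days> days from now.
valid_for_days() {  # usage: valid_for_days <cert.pem> <days>
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run both checks when called as: ./check-tls.sh pvault.crt pvault.key
if [ "$#" -eq 2 ]; then
  pair_matches "$1" "$2" || { echo "certificate and key do not match" >&2; exit 1; }
  valid_for_days "$1" 30 || { echo "certificate expires within 30 days" >&2; exit 1; }
  echo "ok: pair matches and is valid for 30+ days"
  # A client can then trust this certificate instead of skipping verification:
  #   curl --cacert pvault.crt https://localhost:<port>/
fi
```
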