This is an example of Terraform code to deploy a Vault cluster in Azure using the vault-cluster module. The Vault cluster uses Consul as a storage backend, so this example also deploys a separate Consul server cluster using the consul-cluster module from the Consul Azure Module.
This example creates a public Vault cluster that is accessible from the public Internet via an Azure Load Balancer.
WARNING: For production use, you should deploy the cluster without a load balancer so that it is only accessible from within your Azure account.
You will need to create an Azure Managed Image that has Vault and Consul installed, which you can do using the vault-consul-image example.
For more info on how the Vault cluster works, check out the vault-cluster documentation.
To deploy a Vault Cluster:
- `git clone` this repo to your computer.
- Build a Vault and Consul Azure Image. See the vault-consul-image example documentation for instructions.
- Install Terraform.
- Open `vars.tf`, set the environment variables specified at the top of the file, and fill in any other variables that don't have a default, including putting your AMI ID into the `ami_id` variable.
- Run `terraform init`.
- Run `terraform plan`.
- If the plan looks good, run `terraform apply`.
- Run the vault-examples-helper.sh script to print out the IP addresses of the Vault servers and some example commands you can run to interact with the cluster: `../vault-examples-helper/vault-examples-helper.sh`.
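One way to check a plan against the warning above before running `terraform apply`: the script below reads the JSON form of a plan and lists every public IP or load balancer with a public frontend that would be created or updated. It is an added example, not code from this repo. It assumes the public entry point shows up as `azurerm_public_ip` and `azurerm_lb` resources (the page does not list the module's resources), and the resource addresses in the sample are constructed.

```python
import json
import sys

MUTATING = {"create", "update"}


def lb_has_public_frontend(change):
    """True if a planned azurerm_lb frontend references a public IP."""
    after = change.get("after") or {}
    for fe in after.get("frontend_ip_configuration") or []:
        if fe.get("public_ip_address_id"):
            return True
    # An ID not yet known at plan time is absent from "after" and marked
    # True in "after_unknown"; treat that as a public frontend as well.
    unknown = (change.get("after_unknown") or {}).get("frontend_ip_configuration")
    if isinstance(unknown, list):
        return any(isinstance(fe, dict) and fe.get("public_ip_address_id") is True
                   for fe in unknown)
    return False


def public_exposure(plan):
    """Addresses of created/updated resources that add a public entry point."""
    flagged = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if not MUTATING & set(change.get("actions", [])):
            continue
        if rc.get("type") == "azurerm_public_ip" or (
                rc.get("type") == "azurerm_lb" and lb_has_public_frontend(change)):
            flagged.append(rc["address"])
    return sorted(flagged)


# Constructed sample in the shape of `terraform show -json`; addresses are made up.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "azurerm_public_ip.vault_access", "type": "azurerm_public_ip",
     "change": {"actions": ["create"], "after": {}, "after_unknown": {}}},
    {"address": "azurerm_lb.vault_access", "type": "azurerm_lb",
     "change": {"actions": ["create"], "after": {"frontend_ip_configuration": [{}]},
                "after_unknown": {"frontend_ip_configuration": [{"public_ip_address_id": True}]}}},
    {"address": "azurerm_lb.consul_internal", "type": "azurerm_lb",
     "change": {"actions": ["create"],
                "after": {"frontend_ip_configuration": [{"public_ip_address_id": None}]}}},
    {"address": "azurerm_public_ip.old", "type": "azurerm_public_ip",
     "change": {"actions": ["delete"], "after": None}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    hits = public_exposure(plan)
    print("\n".join(f"PUBLIC: {a}" for a in hits) or "no public entry points planned")
    sys.exit(1 if hits and len(sys.argv) > 1 else 0)  # non-zero only for a real plan
```

To produce the input, run `terraform plan -out=tfplan` and then `terraform show -json tfplan > plan.json`, and pass `plan.json` as the first argument.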
To see how to connect to the Vault cluster, initialize it, and start reading and writing secrets, head over to the How do you use the Vault cluster? docs.