»Vault Enterprise License Management

You can use this Helm chart to deploy Vault Enterprise by following a few extra steps around licensing.

»Vault Enterprise 1.8+

First create a Kubernetes secret using the contents of your license file. For example, the following commands create a secret with the name vault-ent-license and key license:

secret=$(cat 1931d1f4-bdfd-6881-f3f5-19349374841f.hclic)
kubectl create secret generic vault-ent-license --from-literal="license=${secret}"
secret=$(cat 1931d1f4-bdfd-6881-f3f5-19349374841f.hclic)kubectl create secret generic vault-ent-license --from-literal="license=${secret}"

In your chart overrides, set the values of server.image to one of the enterprise release tags. Also set the name of the secret you just created in server.enterpriseLicense.

# config.yaml
server:
  image:
    repository: hashicorp/vault-enterprise
    tag: 1.8.0_ent
  enterpriseLicense:
    secretName: vault-ent-license
# config.yamlserver:  image:    repository: hashicorp/vault-enterprise    tag: 1.8.0_ent  enterpriseLicense:    secretName: vault-ent-license

Now run helm install:

$ helm install hashicorp hashicorp/vault -f config.yaml
$ helm install hashicorp hashicorp/vault -f config.yaml

Once the cluster is initialized and unsealed, you may check the license status using the vault license get command:

kubectl exec -ti vault-0 -- vault license get
kubectl exec -ti vault-0 -- vault license get

»Vault Enterprise prior to 1.8

In your chart overrides, set the values of server.image to one of the enterprise release tags. Install the chart, and initialize and unseal vault as described in Running Vault.

After Vault has been initialized and unsealed, setup a port-forward tunnel to the Vault Enterprise cluster:

kubectl port-forward vault-0 8200:8200
kubectl port-forward vault-0 8200:8200

Next, in a separate terminal, create a payload.json file that contains the license key like this example:

{
  "text": "01ABCDEFG..."
}
{  "text": "01ABCDEFG..."}

Finally, using curl, apply the license key to the Vault API:

curl \
  --header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
  --request PUT \
  --data @payload.json \
  http://127.0.0.1:8200/v1/sys/license

curl \  --header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \  --request PUT \  --data @payload.json \  http://127.0.0.1:8200/v1/sys/license

To verify that the license installation worked correctly, using curl, run the following:

curl \
  --header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \
  http://127.0.0.1:8200/v1/sys/license
curl \  --header "X-Vault-Token: VAULT_LOGIN_TOKEN_HERE" \  http://127.0.0.1:8200/v1/sys/license