Skip to content

CLI Setup & Access#

Vault Enterprise

Make sure and install vault-enterprise (instead of vault) otherwise you will not be able to login via SAML. To check if you have the enterprise binary installed, run vault version and look for Vault vX.XX.X+ent. If you have previously installed the open source vault binary, you may need to uninstall it or update your path to reference vault-enterprise. For example, brew will include the following error "Could not symlink bin/vault. Target /opt/homebrew/bin/vault is a symlink belonging to vault. You can unlink it: brew unlink vault"

Hashicorp Instructions

Windows#

Note

vault-enterprise is not available via choco or scoop (only vault open source)

PowerShell(Recommended)#

Copy and Paste this one-liner into Powershell:

PowerShell
$latest = (Invoke-RestMethod "https://api.github.com/repos/hashicorp/vault/releases/latest").tag_name.TrimStart('v'); Write-Host "Downloading Vault Enterprise $latest..."; (New-Object Net.WebClient).DownloadFile("https://releases.hashicorp.com/vault/${latest}+ent/vault_${latest}+ent_windows_amd64.zip", "$env:TEMP\vault.zip"); Expand-Archive "$env:TEMP\vault.zip" "$env:USERPROFILE\vault" -Force; $env:PATH += ";$env:USERPROFILE\vault"; [Environment]::SetEnvironmentVariable("PATH", $env:PATH, "User"); Remove-Item "$env:TEMP\vault.zip"; Write-Host "Vault Enterprise $latest installed!"

Command prompt#

Copy and Paste this one-liner into CMD:

Text Only
curl -L "https://releases.hashicorp.com/vault/1.20.0+ent/vault_1.20.0+ent_windows_amd64.zip" -o "%TEMP%\vault.zip" && powershell -Command "Expand-Archive '%TEMP%\vault.zip' '%USERPROFILE%\vault' -Force" && setx PATH "%PATH%;%USERPROFILE%\vault" >nul && set "PATH=%PATH%;%USERPROFILE%\vault" && del "%TEMP%\vault.zip" && echo Vault Enterprise installed!

Manual Installation#

If you prefer manual installation:

  1. Download binary from https://releases.hashicorp.com/vault/. Click on the most recent version with +ent (i.e. vault_1.20.0+ent), and then choose vault_VERSION+ent_windows_amd64.zip for 64bit
  2. Extract the downloaded zip
  3. Add the location of the downloaded binary to your path or move the vault binary into an existing location in your path. This page contains instructions for setting the PATH on Windows.

Mac#

Homebrew#

To use Homebrew, you need to have the Command Line Tools (CLT) for Xcode installed. See these Homebrew instructions

Text Only
brew tap hashicorp/tap
brew install hashicorp/tap/vault-enterprise

Manual#

  1. Download binary from https://developer.hashicorp.com/vault/install
  2. Add the location of the downloaded binary to your path.

Linux#

Ubuntu/Debian#

Bash
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install vault-enterprise

RHEL#

Manual Installation(Single Server)#

Bash
sudo dnf install -y yum-utils
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
sudo dnf -y install vault-enterprise

Ansible Deployment (Multiple Servers)#

For automated deployment across multiple RHEL servers, use this Ansible playbook:

Step 1: Create the playbook file Copy the following content and save it as vault-install.yml:

YAML
---
- name: Install Vault Enterprise Binary
  hosts: all
  become: true
  tasks:
    - name: Add HashiCorp repository
      ansible.builtin.yum_repository:
        name: hashicorp
        description: "HashiCorp Stable - $basearch"
        baseurl: "https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/stable"
        gpgkey: "https://rpm.releases.hashicorp.com/gpg"
        gpgcheck: true
        enabled: true
        state: present

    - name: Install Vault Enterprise binary
      ansible.builtin.dnf:
        name: vault-enterprise
        state: present

    - name: Verify installation
      ansible.builtin.command: vault version
      register: vault_version_output
      changed_when: false

    - name: Display Vault version
      ansible.builtin.debug:
        msg: "Installed: {{ vault_version_output.stdout }}"
Step 2: Run the playbook

Option 1: Ansible CLI

Bash
# Install Vault Enterprise binary (supports CLI, Proxy, and Agent) 
ansible-playbook -i inventory vault-install.yml
Option 2: Ansible Automation Platform(AAP):

Create a job template in AAP for easier execution and better audit trails. Please refer:

Learn how to setup AAP templates

CLI Login#

  1. Export the VAULT_ADDR environment variable

    • Windows: set VAULT_ADDR=https://hcp-vault-private-vault-fc507e0d.5d5b1f21.z1.hashicorp.cloud:8200
    • Powershell: $env:VAULT_ADDR='https://hcp-vault-private-vault-fc507e0d.5d5b1f21.z1.hashicorp.cloud:8200'
    • Linux/Mac: export VAULT_ADDR=https://hcp-vault-private-vault-fc507e0d.5d5b1f21.z1.hashicorp.cloud:8200

  2. Login to Vault

    Bash
    #EntraID via SAML
vault login -method=saml --namespace=admin

  3. Set your namespace

    Bash
    # Either export the VAULT_NAMESPACE environment variable
export VAULT_NAMESPACE=admin/CESI_UNIT

# Or add the namespace flag to Vault CLI commands
vault COMMAND -namespace=admin/CESI_UNIT
    Batchfile
    set VAULT_NAMESPACE=admin/CESI_UNIT
    PowerShell
    $env:VAULT_NAMESPACE="admin/CESI_UNIT"