Adding Environment Variables to a Vault Process

Avatar
Sean Ellefson
  • Updated

Scenario

You are trying to set a default environment variable on a Vault server process.

Solutions

Interactively

Environment variables for a given process are set from the environment that is launching the process.  To demonstrate this, you can try running a vault server process directly from your CLI by running the following:

VAULT_LICENSE=02MV4UU43BK5... vault server -config /etc/vault.d/

or, alternatively:

export VAULT_LICENSE=02MV4UU43BK5...
vault server -config /etc/vault.d/

If your Vault server is launched from a wrapper script, you would set the environment variable in the script ahead of the vault server

systemd

The recommended way to configure additional environment variables on a Vault process controlled by systemd is to use a Drop-In Unit file configuration.  This can be accomplished with the following:

$ sudo mkdir -p /etc/systemd/system/vault.service.d
$ cat << EOF | sudo tee /etc/systemd/system/vault.service.d/env.conf
> [Service]
> Environment=VAULT_LICENSE=02MV4UU43BK5...
> EOF
$ sudo systemctl daemon-reload
$ sudo systemctl restart vault

Kubernetes

The recommended way to configure additional environment variables on a Vault server pod deployed via the official Helm chart is to set the server.extraEnviromentVars override setting in the Helm chart:

helm install vault hashicorp/vault --set=server.extraEnvironmentVars.VAULT_LICENSE=02MV4UU43BK5...

Since the extraEnvironmentVars setting takes a dictionary argument, multiple variables can be specified with a comma-delimited syntax:

helm install vault hashicorp/vault --set=server.extraEnvironmentVars.GOOGLE_REGION=global,server.extraEnvironmentVars.VAULT_LICENSE=02MV4UU43BK5...

The recommended way to specify override values for Helm deployments is with a YAML file, which would look like the following:

server:
  extraEnvironmentVars: 
    VAULT_LICENSE: 02MV4UU43BK5...
    GOOGLE_REGION: global

Inspecting Environment Variables on a Running Vault Process

Linux

You can inspect the environment variables of any running process using the procfs API to the Linux kernel (provided you have sufficient privileges):

sudo cat /proc/$(pgrep vault)/environ

For cleaner output, something like the following will split the variables on new lines:

sudo xargs -0 -L1 -a /proc/$(pgrep vault)/environ

Kubernetes

You can get a list of the environment variables for a given pod by reading its container spec:

kubectl get pod vault-0 -o=jsonpath="{.spec.containers[*].env}" | jq

Articles in this section

See more

Related articles