Introduction
This article explains how to access the private URL of a cluster in HCP.
Prerequisites
Create a network peering connection between HashiCorp Cloud Platform and an AWS VPC.
Connect an Amazon Transit Gateway to your HashiCorp Virtual Network.
- This step is applicable for on-prem networks.
- Learn Guide here.
Procedure
These examples are specific to HCP Vault.
Access via CLI command
- From a machine deployed in the VPC connected to HVN.
- Set the VAULT_ADDR, VAULT_TOKEN and VAULT_NAMESPACE environment variables.
export VAULT_ADDR=https://hcpv-your-name.private.vault.def84aba-3536-4894-a627-6d7ed3acc5ff.aws.hashicorp.cloud:8200
export VAULT_NAMESPACE=admin
export VAULT_TOKEN=<REDACTED>
- Test connectivity to Vault with the vault status command.
~ ❯ vault status
Key                      Value
---                      -----
Recovery Seal Type       shamir
Initialized              true
Sealed                   false
Total Recovery Shares    1
Threshold                1
Version                  1.8.1+ent
Storage Type             raft
Cluster Name             vault-cluster-d082b1c1
Cluster ID               c27cd9af-56e1-b851-b4e9-9d492e2ddbbd
HA Enabled               true
HA Cluster               https://10.0.2.34:8201
HA Mode                  active
Active Since             2021-08-30T17:12:20.90159782Z
Raft Committed Index     3548
Raft Applied Index       3548
Last WAL                 808
API call using cURL
- Set the VAULT_ADDR and VAULT_TOKEN environment variables.
- Test connectivity to Vault using curl.
~ ❯ curl --header "X-Vault-Token: $VAULT_TOKEN" \
    --header "X-Vault-Namespace: admin" \
    $VAULT_ADDR/v1/sys/seal-status | jq
{
  "type": "shamir",
  "initialized": true,
  "sealed": false,
  "t": 1,
  "n": 1,
  "progress": 0,
  "nonce": "",
  "version": "1.8.1+ent",
  "migration": false,
  "cluster_name": "vault-cluster-d082b1c1",
  "cluster_id": "c27cd9af-56e1-b851-b4e9-9d492e2ddbbd",
  "recovery_seal": true,
  "storage_type": "raft"
}
Access via Web UI
- Private Vault URLs can be accessed from a browser on machines deployed in the VPC connected to the HVN.
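An added example, not part of the original article or of HashiCorp's tooling: shell functions that check the address before a token is sent to it, and that read the seal-status response from the cURL step. The function names, the host-name pattern (inferred from the one sample URL above) and the requirement that the name resolve to an RFC 1918 address are assumptions.

```shell
# Added example: checks to run before a token is sent to an HCP Vault
# private address. Function names are hypothetical.

# Print the host of an https URL; fail for any other scheme.
vault_host() (
  rest=${1#https://}
  [ "$rest" != "$1" ] || exit 1   # scheme is not https
  rest=${rest%%/*}                # drop the path
  rest=${rest##*@}                # drop userinfo, which can disguise the host
  printf '%s\n' "${rest%%:*}"     # drop the port
)

# Succeed for lowercase hosts shaped like the private URL in the article.
# Assumption: the naming pattern is inferred from that one example.
is_private_vault_host() {
  case "$1" in
    *[!a-z0-9.-]*) return 1 ;;
    ?*.private.vault.?*.hashicorp.cloud) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeed if an IPv4 address is in an RFC 1918 range.
is_rfc1918() (
  set -f; IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do
    case "$o" in ''|*[!0-9]*) exit 1 ;; esac
    [ "$o" -le 255 ] || exit 1
  done
  case "$1" in
    10)  exit 0 ;;
    172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
    192) [ "$2" -eq 168 ] ;;
    *)   exit 1 ;;
  esac
)

# Succeed if a seal-status body reports an initialized, unsealed cluster.
seal_status_ok() {
  printf '%s' "$1" | grep -Eq '"initialized":[[:space:]]*true' &&
    printf '%s' "$1" | grep -Eq '"sealed":[[:space:]]*false'
}

# Full check for an address: https, private name, private IP (uses getent).
preflight() (
  host=$(vault_host "$1") && is_private_vault_host "$host" || exit 1
  is_rfc1918 "$(getent hosts "$host" | awk '{print $1; exit}')"
)
```

Run `preflight "$VAULT_ADDR"` before exporting VAULT_TOKEN; it fails closed when the name does not resolve or resolves to a public address. Vault's sys/seal-status is an unauthenticated endpoint, so the connectivity test itself can be run before any token is set.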