Over the last month I’ve been evaluating and using HashiCorp Vault in a couple of environments. Initially when I started to work with the product, it was a bit confusing but the learning curve is quite small in reality. HashiCorp Vault, open source, is a great tool for keeping secrets for local development environments; however, I wanted to use this on a more enterprise scale. This lead me to seeking out the enterprise version and some of the advance capabilities of it. One of these capabilities is how to use HashiCorp Vault against Oracle Database and Oracle GoldenGate (more on this later). For this post, I want to focus on the licensing aspects of HashiCorp Vault Enterprise.
When you first download HashiCorp Vault Enterprise, you are given a 30-day license for evaluation. This evaluation license is great for a user to dive in and look at many of the advanced features. For my purposes, I’ve been looking at this for securing Oracle environments, which do not come standard with HashiCorp Vault. To use Vault within an Oracle space, you have to use an externally develop plug-in. The time that it takes to figure out this plug-in, test, and develop a plan for deployment the evaluation license may be close to being done. Not to worry, a HashiCorp Partner or sales rep can hook you up with a license … :). Once you obtain a valid enterprise license the next thing to do is to update the software with the new key.
Updating the HashiCorp Vault Enterprise with a new license key perform the following:
1. Login to HashiCorp Vault using the root token (VAULT_TOKEN) or any other sufficiently permissined account.
[[email protected] ~]$ vault login
Token (will be hidden):
WARNING! The VAULT_TOKEN environment variable is set! This takes precedence
over the value set by this command. To use the value set by this command,
unset the VAULT_TOKEN environment variable or set it to the token displayed
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run “vault login”
again. Future Vault requests will automatically use this token.
2. Run a “vault write” command to update the license key
[[email protected] ~]$ vault write sys/license text=02MV4UU43BK5HGYYTOJZWFQMT……
Success! Data written to: sys/license
At this point, the HashiCorp Vault Enterprise has been updated with the new license key and should function as normal.