Store Passwords Securely with Hashicorp Vault on Ubuntu 20.04

It is always not possible to remember all the secret keys, passphrases, and tokens. Sometimes managing and maintaining secrets might be challenging tasks. We may need to store such secrets somewhere which we can use when needed. Hashicorp Vault is a solution that can be used to store secrets. It protects all the secrets stored on it and keeps secured. In this article, we will learn how to install Hashicorp vault on ubuntu 20.04.


  • Freshly installed ubuntu system
  • Root privileged user account
  • Internet connection to download packages

Update the server

Before starting the setup, make sure that your ubuntu server is up to date. Run the following command to update and upgrade application packages.

$ sudo apt-get update && sudo apt-get upgrade -y
Download the latest version of a vault

The latest version of the vault application is available on the Hashicorp vault download page. Go to the link and search “Latest Downloads ” at the bottom of the page. Find the download package for Linux and copy the download link.

Download Vault

Once the link is copied, the application can be downloaded using the wget command.

$ wget

Download using wget

Extract the file

Once the download is completed, extract the archive and move the file to /usr/bin directory.

$ unzip
$ sudo mv vault /usr/bin

Unpack the archive

You can type vault command which will display the common vault commands.

$ vault

Run Vault

Create a vault configuration file

Create some directories to store vault data and configuration files. In this article, we will store configuration files under the directory /etc/vault and vault data under the directory /var/lib/vault/data .

$ sudo mkdir /etc/vault
$ sudo mkdir -p /var/lib/vault/data

Now create a hashicorp vault configuration file in /etc/vault directory.

$ sudo vi /etc/vault/config.hcl

Paste the following contents and save.

disable_cache = true
disable_mlock = true
ui = true
listener "tcp" {
address = ""
tls_disable = 1
storage "file" {
path = "/var/lib/vault/data"
api_addr = ""
max_lease_ttl = "8h"
default_lease_ttl = "8h"
cluster_name = "vault"
raw_storage_endpoint = true
disable_sealwrap = true
disable_printable_check = true

Configure vault to run as service

We need to create a vault service file to run the vault application as a service. Go to the directory /etc/systemd/system/ and create a service file with the following contents.

$ sudo vi /etc/systemd/system/vault.service
Description="HashiCorp Vault - A tool for managing secrets"

ExecStart=/usr/bin/vault server -config=/etc/vault/config.hcl
ExecReload=/bin/kill --signal HUP


Save the file and exit.

Systemd unit file for Vault

Enable and start vault service

Run the following command to start and enable vault service.

$ sudo systemctl daemon-reload
$ sudo systemctl start vault
$ sudo systemctl enable vault

To check the vault service status, run the following command.

$ sudo systemctl status vault

Vault service started

Access vault UI using browser

We have installed and configured the vault. Now you can access vault UI using the following URL.


Access Vault web ui

You can initialize and use the vault as your password manager.


In this article, we learned how to install and configure the Hashicorp vault on the Ubuntu system to store secret tokens, passwords, and certificates.