HashiCorp Vault is an identity-based secrets and encryption management system for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log. In this step by step guide I will show you how to install VaultĀ on yourĀ Synology NASĀ using Docker and Portainer.
Vault v1.20.2Ā release.
This guide works perfectly with the latestSTEP 1
Please Support My work by Making a Donation.
STEP 2
InstallĀ Portainer using my step by step guide. If you already have Portainer installed on your Synology NAS, skip this STEP. Attention: Make sure you have installed the latest Portainer version.
STEP 3
Make sure you have a synology.me Wildcard Certificate. Follow my guide to get a Wildcard Certificate. If you already have a synology.me Wildcard certificate, skip this STEP.
STEP 4
Go toĀ Control PanelĀ /Ā Login PortalĀ /Ā AdvancedĀ Tab / clickĀ Reverse Proxy. Follow the instructions in the image below.
STEP 5
Now click the āCreateā button. Follow the instructions in the image below.
STEP 6
After you click the Create button, the window below will open. Follow the instructions in the image below.
On the General area, set the Reverse Proxy Name description: type in Vault. After that, add the following instructions:
Source:
Protocol:Ā HTTPS
Hostname: vault.yourname.synology.me
Port:Ā 443
Check Enable HSTS
Destination:
Protocol:Ā HTTP
Hostname:Ā localhost
Port:Ā 8205
STEP 7
On the Reverse Proxy Rules, click the Custom HeaderĀ tab. ClickĀ CreateĀ and then, from the drop-down menu, clickĀ WebSocket. After you click on WebSocket, two Header Names and two Values will be automatically added. ClickĀ Save. Follow the instructions in the image below.
STEP 8
Go to Control Panel / Network / Connectivity tab/ Check Enable HTTP/2 then click Apply. Follow the instructions in the image below.
STEP 9
Go to Control Panel / Security / Advanced tab/ Check Enable HTTP CompressionĀ then click Apply. Follow the instructions in the image below.
STEP 10
Go toĀ File StationĀ and open the docker folder. Inside the docker folder, create one new folder and name itĀ vault. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.
STEP 11
Now create four new folders inside the vault folder that you created at STEP 10 and name them config, data, logs, plugins. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.
STEP 12
Download (click on the blue link below) then upload the vault.json file below in the config folder that you have previously created at STEP 11. Follow the instructions in the image below. šNote: Support my work to unlock the password. You can use this password to download any file on mariushosting forever!
STEP 13
Log into Portainer using your username and password. On the left sidebar in Portainer, click onĀ HomeĀ thenĀ Live connect. Follow the instructions in the image below.
On the left sidebar in Portainer, click on StacksĀ thenĀ + Add stack. Follow the instructions in the image below.
STEP 14
In the Name field type in vault. Follow the instructions in the image below.
services: vault: image: hashicorp/vault:latest container_name: Vault hostname: vault mem_limit: 512m cpu_shares: 768 security_opt: - no-new-privileges:true cap_add: - IPC_LOCK entrypoint: vault server -config=/vault/config/vault.json healthcheck: test: wget --no-verbose --tries=1 --spider http://localhost:8200 ports: - 8205:8200 volumes: - /volume1/docker/vault/logs:/vault/logs:rw - /volume1/docker/vault/data:/vault/file:rw - /volume1/docker/vault/config:/vault/config:rw - /volume1/docker/vault/plugins:/vault/plugins:rw - /etc/localtime:/etc/localtime:ro environment: VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200 restart: on-failure:5
STEP 15
Scroll down on the page until you see a button namedĀ Deploy the stack. Click on it. Follow the instructions in the image below. The installation process can take up to a few minutes. It will depend on your Internet speed connection.
STEP 16
If everything goes right, you will see the following message at the top right of your screen: āSuccess Stack successfully deployedā.
STEP 17
š¢Please Support My work by Making a Donation. Almost 99,9% of the people that install something using my guidesĀ forget to support my work, or justĀ ignoreĀ STEP 1. Iāve been very honest about this aspect of my work since the beginning: I donāt run any ADS, I donāt require subscriptions, paid or otherwise, I donāt collect IPs, emails, and I donāt have any referral links from Amazon or other merchants. I also donāt have any POP-UPs or COOKIES. I have repeatedly been told over the years how much I have contributed to the community. Itās something I love doing and have been honest about my passion since the beginning. But I also Need The Community to Support me Back to be able to continue doing this work.
STEP 18
Now open your browser and type in your HTTPS/SSL certificate like this https://vault.yourname.synology.me that you have previously created at STEP 6. In my case it’s https://vault.mariushosting.synology.me If everything goes right, you will see the Vault setup page. In the Key shares area type in 1 and in the Key threshold area type in 1. Click Initialize. Follow the instructions in the image below.
STEP 19
DownloadĀ your Initial root token and your Key 1 then store in a safe place. Click Continue to Unseal. Follow the instructions in the image below.
STEP 20
In the Unseal Key Portion area paste your Key 1 that you have previously generated at STEP 19, then click Unseal. Follow the instructions in the image below.
STEP 21
Sign in to Vault. Choose Token from the dropdown menu, then paste your root token that you have previously generated at STEP 19. Click Sign In. Follow the instructions in the image below.
STEP 22
Your Vault Dashboard at a glance!
Enjoy Vault!
Note: HashiCorp Vault Full Documentation.
Note: Can I run Docker on my Synology NAS?Ā See the supported models.
Note: How to Back Up Docker Containers on your Synology NAS.
Note: Find outĀ how to update the Vault container with the latest image.
Note: How to Free Disk Space on Your NAS if You Run Docker.
Note: How to Schedule Start & Stop For Docker Containers.
Note: How to Activate Email Notifications.
Note: How to Add Access Control Profile on Your NAS.
Note: How to Change Docker Containers Restart Policy.
Note: How to Use Docker Containers With VPN.
Note: Convert Docker Run Into Docker Compose.
Note: How to Clean Docker.
Note: How to Clean Docker Automatically.
Note: Best Practices When Using Docker and DDNS.
Note: Some Docker Containers Need WebSocket.
Note: Find out the Best NAS Models For Docker.
Note: Activate Gmail SMTP For Docker Containers.
This post was updated on Wednesday / August 27th, 2025 at 7:44 PM