How to Install Vault on Your Synology NAS

How to Install Vault on Your Synology NAS

HashiCorp Vault is an identity-based secrets and encryption management system for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log. In this step by step guide I will show you how to install VaultĀ on yourĀ Synology NASĀ using Docker and Portainer.

šŸ’”Note: This guide works perfectly with the latest Vault v1.20.2Ā release.

  • STEP 1

Please Support My work by Making a Donation.

  • STEP 2

InstallĀ Portainer using my step by step guide. If you already have Portainer installed on your Synology NAS, skip this STEP. Attention: Make sure you have installed the latest Portainer version.

  • STEP 3

Make sure you have a synology.me Wildcard Certificate. Follow my guide to get a Wildcard Certificate. If you already have a synology.me Wildcard certificate, skip this STEP.

  • STEP 4

Go toĀ Control PanelĀ /Ā Login PortalĀ /Ā AdvancedĀ Tab / clickĀ Reverse Proxy. Follow the instructions in the image below.

Vault Synology NAS Set up 1

  • STEP 5

Now click the ā€œCreateā€ button. Follow the instructions in the image below.

Vault Synology NAS Set up 2

  • STEP 6

After you click the Create button, the window below will open. Follow the instructions in the image below.

On the General area, set the Reverse Proxy Name description: type in Vault. After that, add the following instructions:

Source:
Protocol:Ā HTTPS
Hostname: vault.yourname.synology.me
Port:Ā 443

Check Enable HSTS

Destination:
Protocol:Ā HTTP
Hostname:Ā localhost
Port:Ā 8205

Vault Synology NAS Set up 3

  • STEP 7

On the Reverse Proxy Rules, click the Custom HeaderĀ tab. ClickĀ CreateĀ and then, from the drop-down menu, clickĀ WebSocket. After you click on WebSocket, two Header Names and two Values will be automatically added. ClickĀ Save. Follow the instructions in the image below.

Synology Proxy WebSocket

  • STEP 8

Go to Control Panel / Network / Connectivity tab/ Check Enable HTTP/2 then click Apply. Follow the instructions in the image below.

Vault Synology NAS Set up 4

  • STEP 9

Go to Control Panel / Security / Advanced tab/ Check Enable HTTP CompressionĀ then click Apply. Follow the instructions in the image below.

Vault Synology NAS Set up 5

  • STEP 10

Go toĀ File StationĀ and open the docker folder. Inside the docker folder, create one new folder and name itĀ vault. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.

Vault Synology NAS Set up 6

  • STEP 11

Now create four new folders inside the vault folder that you created at STEP 10 and name them config, data, logs, plugins. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.

Vault Synology NAS Set up 7

  • STEP 12

Download (click on the blue link below) then upload the vault.json file below in the config folder that you have previously created at STEP 11. Follow the instructions in the image below. šŸ”’Note: Support my work to unlock the password. You can use this password to download any file on mariushosting forever!

šŸ‘‰šŸ»Download vault.json

Vault Synology NAS Set up 8

  • STEP 13

Log into Portainer using your username and password. On the left sidebar in Portainer, click onĀ HomeĀ thenĀ Live connect. Follow the instructions in the image below.

Portainer Add Stack NAS 1

On the left sidebar in Portainer, click on StacksĀ thenĀ + Add stack. Follow the instructions in the image below.

Portainer Add Stack NAS 2

  • STEP 14

In the Name field type in vault. Follow the instructions in the image below.

Note: Copy Paste the code below in the Portainer Stacks Web editor.

services:
  vault:
    image: hashicorp/vault:latest
    container_name: Vault
    hostname: vault
    mem_limit: 512m
    cpu_shares: 768
    security_opt:
      - no-new-privileges:true
    cap_add:
      - IPC_LOCK
    entrypoint: vault server -config=/vault/config/vault.json
    healthcheck:
      test: wget --no-verbose --tries=1 --spider http://localhost:8200
    ports:
      - 8205:8200
    volumes:
      - /volume1/docker/vault/logs:/vault/logs:rw
      - /volume1/docker/vault/data:/vault/file:rw
      - /volume1/docker/vault/config:/vault/config:rw
      - /volume1/docker/vault/plugins:/vault/plugins:rw
      - /etc/localtime:/etc/localtime:ro
    environment:
      VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
    restart: on-failure:5

Vault Synology NAS Set up 9 new 2025

  • STEP 15

Scroll down on the page until you see a button namedĀ Deploy the stack. Click on it. Follow the instructions in the image below. The installation process can take up to a few minutes. It will depend on your Internet speed connection.

Vault Synology NAS Set up 10 new 2025

  • STEP 16

If everything goes right, you will see the following message at the top right of your screen: ā€œSuccess Stack successfully deployedā€œ.

Portainer Success Stack NAS

  • STEP 17

🟢Please Support My work by Making a Donation. Almost 99,9% of the people that install something using my guidesĀ forget to support my work, or justĀ ignoreĀ STEP 1. I’ve been very honest about this aspect of my work since the beginning: I don’t run any ADS, I don’t require subscriptions, paid or otherwise, I don’t collect IPs, emails, and I don’t have any referral links from Amazon or other merchants. I also don’t have any POP-UPs or COOKIES. I have repeatedly been told over the years how much I have contributed to the community. It’s something I love doing and have been honest about my passion since the beginning. But I also Need The Community to Support me Back to be able to continue doing this work.

  • STEP 18

Now open your browser and type in your HTTPS/SSL certificate like this https://vault.yourname.synology.me that you have previously created at STEP 6. In my case it’s https://vault.mariushosting.synology.me If everything goes right, you will see the Vault setup page. In the Key shares area type in 1 and in the Key threshold area type in 1. Click Initialize. Follow the instructions in the image below.

Vault Synology NAS Set up 12

  • STEP 19

DownloadĀ your Initial root token and your Key 1 then store in a safe place. Click Continue to Unseal. Follow the instructions in the image below.

Vault Synology NAS Set up 13

  • STEP 20

In the Unseal Key Portion area paste your Key 1 that you have previously generated at STEP 19, then click Unseal. Follow the instructions in the image below.

Vault Synology NAS Set up 14

  • STEP 21

Sign in to Vault. Choose Token from the dropdown menu, then paste your root token that you have previously generated at STEP 19. Click Sign In. Follow the instructions in the image below.

Vault Synology NAS Set up 15

  • STEP 22

Your Vault Dashboard at a glance!

Vault Synology NAS Set up 16

Enjoy Vault!

Note: HashiCorp Vault Full Documentation.

Note: Can I run Docker on my Synology NAS?Ā See the supported models.
Note: How to Back Up Docker Containers on your Synology NAS.
Note: Find outĀ how to update the Vault container with the latest image.
Note: How to Free Disk Space on Your NAS if You Run Docker.
Note: How to Schedule Start & Stop For Docker Containers.
Note: How to Activate Email Notifications.
Note: How to Add Access Control Profile on Your NAS.
Note: How to Change Docker Containers Restart Policy.
Note: How to Use Docker Containers With VPN.
Note: Convert Docker Run Into Docker Compose.
Note: How to Clean Docker.
Note: How to Clean Docker Automatically.
Note: Best Practices When Using Docker and DDNS.
Note: Some Docker Containers Need WebSocket.
Note: Find out the Best NAS Models For Docker.
Note: Activate Gmail SMTP For Docker Containers.

This post was updated on Wednesday / August 27th, 2025 at 7:44 PM