HashiCorp Vault is an identity-based secrets and encryption management system for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log. In this step by step guide I will show you how to install Vault on your Synology NAS using Docker and Portainer.

💡Note: This guide works perfectly with the latest Vault v1.16.1 release.

STEP 1

Please Support My work by Making a Donation.

STEP 2

Install Portainer using my step by step guide. If you already have Portainer installed on your Synology NAS, skip this STEP. Attention: Make sure you have installed the latest Portainer version.

STEP 3

Make sure you have a synology.me Wildcard Certificate. Follow my guide to get a Wildcard Certificate. If you already have a synology.me Wildcard certificate, skip this STEP.

STEP 4

Go to Control Panel / Login Portal / Advanced Tab / click Reverse Proxy. Follow the instructions in the image below.

STEP 5

Now click the “Create” button. Follow the instructions in the image below.

STEP 6

After you click the Create button, the window below will open. Follow the instructions in the image below.

On the General area, set the Reverse Proxy Name description: type in Vault. After that, add the following instructions:

Source:
Protocol: HTTPS
Hostname: vault.yourname.synology.me
Port: 443

Check Enable HSTS

Destination:
Protocol: HTTP
Hostname: localhost
Port: 8205

STEP 7

On the Reverse Proxy Rules click the Custom Header tab. Click Create and then, from the drop-down menu, click WebSocket. After you click on WebSocket, two Header Names and two Values will be automatically added. Click Save. Follow the instructions in the image below.

STEP 8

Go to Control Panel / Network / Connectivity tab/ Check Enable HTTP/2 then click Apply. Follow the instructions in the image below.

STEP 9

Go to Control Panel / Security / Advanced tab/ Check Enable HTTP Compression then click Apply. Follow the instructions in the image below.

STEP 10

Go to File Station and open the docker folder. Inside the docker folder, create one new folder and name it vault. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.

STEP 11

Now create four new folders inside the vault folder that you created at STEP 10 and name them config, data, logs, plugins. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.

STEP 12

Download (click on the blue link below) then upload the vault.json file below in the config folder that you have previously created at STEP 11. Follow the instructions in the image below. 🔒Note: Support my work to unlock the password. You can use this password to download any file on mariushosting forever!

👉🏻Download vault.json

STEP 13

Log into Portainer using your username and password. On the left sidebar in Portainer, click on Stacks then + Add stack. Follow the instructions in the image below.

STEP 14

In the Name field type in vault. Follow the instructions in the image below.

Note: Copy Paste the code below in the Portainer Stacks Web editor.

version: "3.9"
services:
  vault:
    image: hashicorp/vault:latest
    container_name: Vault
    hostname: vault
    mem_limit: 512m
    cpu_shares: 768
    security_opt:
      - no-new-privileges:true
    cap_add:
      - IPC_LOCK
    entrypoint: vault server -config=/vault/config/vault.json
    healthcheck:
      test: wget --no-verbose --tries=1 --spider http://localhost:8200
    ports:
      - 8205:8200
    volumes:
      - /volume1/docker/vault/logs:/vault/logs:rw
      - /volume1/docker/vault/data:/vault/file:rw
      - /volume1/docker/vault/config:/vault/config:rw
      - /volume1/docker/vault/plugins:/vault/plugins:rw
      - /etc/localtime:/etc/localtime:ro
    environment:
      VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
    restart: on-failure:5

STEP 15

Scroll down on the page until you see a button named Deploy the stack. Click on it. Follow the instructions in the image below. The installation process can take up to a few minutes. It will depend on your Internet speed connection.

STEP 16

If everything goes right, you will see the following message at the top right of your screen: “Success Stack successfully deployed“.

STEP 17

Go back to STEP 1 or you will deal with karma 🙂

STEP 18

Now open your browser and type in your HTTPS/SSL certificate like this https://vault.yourname.synology.me that you have previously created at STEP 6. In my case it’s https://vault.mariushosting.synology.me If everything goes right, you will see the Vault setup page. In the Key shares area type in 1 and in the Key threshold area type in 1. Click Initialize. Follow the instructions in the image below.

STEP 19

Download your Initial root token and your Key 1 then store in a safe place. Click Continue to Unseal. Follow the instructions in the image below.

STEP 20

In the Unseal Key Portion area paste your Key 1 that you have previously generated at STEP 19, then click Unseal. Follow the instructions in the image below.

STEP 21

Sign in to Vault. Choose Token from the dropdown menu, then paste your root token that you have previously generated at STEP 19. Click Sign In. Follow the instructions in the image below.

STEP 22

Your Vault Dashboard at a glance!

Enjoy Vault!

Note: HashiCorp Vault Full Documentation.

This post was updated on Wednesday / April 17th, 2024 at 2:13 PM

How to Install Vault on Your Synology NAS

💡Note: This guide works perfectly with the latest Vault v1.16.1 release.

STEP 1

STEP 2

STEP 3

STEP 4

STEP 5

STEP 6

STEP 7

STEP 8

STEP 9

STEP 10

STEP 11

STEP 12

👉🏻Download vault.json

STEP 13

STEP 14

STEP 15

STEP 16

STEP 17

STEP 18

STEP 19

STEP 20

STEP 21

STEP 22

🧡 I Need Your Help!