HashiCorp Vault is an identity-based secrets and encryption management system for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log. In this step by step guide I will show you how to install Vault on your Synology NAS using Docker and Portainer.
This guide works perfectly with the latest Vault v1.17.6 release.
STEP 1
Please Support My work by Making a Donation.
STEP 2
Install Portainer using my step by step guide. If you already have Portainer installed on your Synology NAS, skip this STEP. Attention: Make sure you have installed the latest Portainer version.
STEP 3
Make sure you have a synology.me Wildcard Certificate. Follow my guide to get a Wildcard Certificate. If you already have a synology.me Wildcard certificate, skip this STEP.
STEP 4
Go to Control Panel / Login Portal / Advanced Tab / click Reverse Proxy. Follow the instructions in the image below.
STEP 5
Now click the “Create” button. Follow the instructions in the image below.
STEP 6
After you click the Create button, the window below will open. Follow the instructions in the image below.
In the General area, set the Reverse Proxy Name (description) to Vault. After that, enter the following settings:
Source:
Protocol: HTTPS
Hostname: vault.yourname.synology.me
Port: 443
Check Enable HSTS
Destination:
Protocol: HTTP
Hostname: localhost
Port: 8205
STEP 7
On the Reverse Proxy Rules click the Custom Header tab. Click Create and then, from the drop-down menu, click WebSocket. After you click on WebSocket, two Header Names and two Values will be automatically added. Click Save. Follow the instructions in the image below.
STEP 8
Go to Control Panel / Network / Connectivity tab, check Enable HTTP/2, then click Apply. Follow the instructions in the image below.
STEP 9
Go to Control Panel / Security / Advanced tab, check Enable HTTP Compression, then click Apply. Follow the instructions in the image below.
STEP 10
Go to File Station and open the docker folder. Inside the docker folder, create one new folder and name it vault. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.
STEP 11
Now create four new folders inside the vault folder that you created at STEP 10 and name them config, data, logs, plugins. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.
STEP 12
Download the vault.json file (click on the blue link below), then upload it to the config folder that you created at STEP 11. Follow the instructions in the image below.
🔒 Note: Support my work to unlock the password. You can use this password to download any file on mariushosting forever!
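The contents of vault.json are not shown on this page. As an added example (not the author's downloadable file), a minimal configuration consistent with the stack in STEP 14 could look like the one below. Every value is an assumption derived from this guide: file storage in /vault/file, plugins in /vault/plugins, and a plain-HTTP listener on port 8200 because TLS is terminated by the reverse proxy from STEP 6.

```json
{
  "ui": true,
  "disable_mlock": false,
  "storage": {
    "file": {
      "path": "/vault/file"
    }
  },
  "listener": [
    {
      "tcp": {
        "address": "0.0.0.0:8200",
        "tls_disable": true
      }
    }
  ],
  "api_addr": "https://vault.yourname.synology.me",
  "plugin_directory": "/vault/plugins",
  "default_lease_ttl": "168h",
  "max_lease_ttl": "720h"
}
```

With `tls_disable` set, port 8205 on the NAS serves Vault over plain HTTP, so tokens and unseal keys should only ever be sent through the HTTPS reverse proxy hostname.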
STEP 13
Log into Portainer using your username and password. On the left sidebar in Portainer, click on Stacks then + Add stack. Follow the instructions in the image below.
STEP 14
In the Name field type in vault. Follow the instructions in the image below.
version: "3.9"
services:
  vault:
    image: hashicorp/vault:latest
    container_name: Vault
    hostname: vault
    mem_limit: 512m
    cpu_shares: 768
    security_opt:
      - no-new-privileges:true
    cap_add:
      # lets Vault lock its memory so secrets are not swapped to disk
      - IPC_LOCK
    # start the server from the config file uploaded at STEP 12
    entrypoint: vault server -config=/vault/config/vault.json
    healthcheck:
      test: wget --no-verbose --tries=1 --spider http://localhost:8200
    ports:
      # host port 8205 is the reverse proxy destination from STEP 6
      - 8205:8200
    volumes:
      - /volume1/docker/vault/logs:/vault/logs:rw
      - /volume1/docker/vault/data:/vault/file:rw
      - /volume1/docker/vault/config:/vault/config:rw
      - /volume1/docker/vault/plugins:/vault/plugins:rw
      - /etc/localtime:/etc/localtime:ro
    environment:
      VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
    restart: on-failure:5
STEP 15
Scroll down on the page until you see a button named Deploy the stack. Click on it. Follow the instructions in the image below. The installation process can take up to a few minutes, depending on your Internet connection speed.
STEP 16
If everything goes right, you will see the following message at the top right of your screen: “Success Stack successfully deployed”.
STEP 17
Go back to STEP 1 or you will deal with karma 🙂
STEP 18
Now open your browser and type in the HTTPS address that you created at STEP 6, like this: https://vault.yourname.synology.me. In my case it’s https://vault.mariushosting.synology.me. If everything goes right, you will see the Vault setup page. In the Key shares area type in 1 and in the Key threshold area type in 1. Click Initialize. Follow the instructions in the image below.
STEP 19
Download your Initial root token and your Key 1, then store them in a safe place. Click Continue to Unseal. Follow the instructions in the image below.
STEP 20
In the Unseal Key Portion area paste your Key 1 that you have previously generated at STEP 19, then click Unseal. Follow the instructions in the image below.
STEP 21
Sign in to Vault. Choose Token from the dropdown menu, then paste your root token that you have previously generated at STEP 19. Click Sign In. Follow the instructions in the image below.
STEP 22
Your Vault Dashboard at a glance!
Enjoy Vault!
Note: HashiCorp Vault Full Documentation.
Note: Can I run Docker on my Synology NAS? See the supported models.
Note: How to Back Up Docker Containers on your Synology NAS.
Note: Find out how to update the Vault container with the latest image.
Note: How to Free Disk Space on Your NAS if You Run Docker.
Note: How to Schedule Start & Stop For Docker Containers.
Note: How to Activate Email Notifications.
Note: How to Add Access Control Profile on Your NAS.
Note: How to Change Docker Containers Restart Policy.
Note: How to Use Docker Containers With VPN.
Note: Convert Docker Run Into Docker Compose.
Note: How to Clean Docker.
Note: How to Clean Docker Automatically.
Note: Best Practices When Using Docker and DDNS.
Note: Some Docker Containers Need WebSocket.
Note: Find out the Best NAS Models For Docker.
Note: Activate Gmail SMTP For Docker Containers.
This post was updated on Wednesday / October 9th, 2024 at 1:29 AM