Vault is successfully…
- …installed
- …run as manual server:
vault server -config=D:/DATA/HashicorpVault/Conf/HashicorpVault.server.hcl
- …accessed in the WEB browser
- …using TLS, certificates are read and used OK, connection reported secure
- …storing and retrieving persisted kv secrets across reboots and restarts
- …in short, doing everything I expect
… except one thing:
I have to run it under a hanging cmd window, which I feel is a bit unprofessional.
So I have tried in all recommended ways (as I see it) as described on Hashicorp’s site to run it as a service under nssm.
- Installing from a cmd shell as Administrator:
nssm install HashicorpVault "C:/Program Files/HashicorpVault/vault.exe" server -config="D:/DATA/HashicorpVault/Conf/HashicorpVault.server.hcl"
- nssm start HashicorpVault, however, always gives:
HashicorpVault: Unexpected status SERVICE_PAUSED in response to START control
- The vault is inaccessible from WEB UI
- HashicorpVault.log is written in the expected directory, as configured in the configuration file. This indicates that the configuration file is successfully read
- The "HashicorpVault.log" reads:
2024-12-15T00:20:54.367+0100 [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""
2024-12-15T00:20:54.369+0100 [INFO] incrementing seal generation: generation=1
2024-12-15T00:20:54.369+0100 [DEBUG] core: set config: sanitized config="{\"administrative_namespace_path\":\"\",\"api_addr\":\"https://127.0.0.1:8200\",\"cache_size\":0,\"cluster_addr\":\"\",\"cluster_cipher_suites\":\"\",\"cluster_name\":\"\",\"default_lease_ttl\":0,\"default_max_request_duration\":0,\"detect_deadlocks\":\"\",\"disable_cache\":false,\"disable_clustering\":false,\"disable_indexing\":false,\"disable_mlock\":true,\"disable_performance_standby\":false,\"disable_printable_check\":false,\"disable_sealwrap\":false,\"disable_sentinel_trace\":false,\"enable_response_header_hostname\":false,\"enable_response_header_raft_node_id\":false,\"enable_ui\":true,\"experiments\":null,\"imprecise_lease_role_tracking\":false,\"introspection_endpoint\":false,\"listeners\":[{\"config\":{\"address\":\"0.0.0.0:8200\",\"tls_cert_file\":\"D:/Data/HashicorpVault/Prot/Tls/HashicorpVault.crt.pem\",\"tls_key_file\":\"D:/Data/HashicorpVault/Prot/Tls/HashicorpVault.private.key.pem\"},\"type\":\"tcp\"}],\"log_file\":\"D:/DATA/HashicorpVault/Logs/HashicorpVault.log\",\"log_format\":\"\",\"log_level\":\"debug\",\"log_requests_level\":\"\",\"max_lease_ttl\":0,\"pid_file\":\"\",\"plugin_directory\":\"\",\"plugin_file_permissions\":0,\"plugin_file_uid\":0,\"plugin_tmpdir\":\"\",\"raw_storage_endpoint\":false,\"seals\":[{\"disabled\":false,\"name\":\"shamir\",\"priority\":1,\"type\":\"shamir\"}],\"storage\":{\"cluster_addr\":\"\",\"disable_clustering\":false,\"redirect_addr\":\"https://127.0.0.1:8200\",\"type\":\"file\"}}"
2024-12-15T00:20:54.369+0100 [DEBUG] storage.cache: creating LRU cache: size=0
Here is my config file:
storage "file" {
  path = "D:/Data/HashicorpVault/Prot/Data"
}
listener "tcp" {
  address = "0.0.0.0:8200"
  tls_cert_file = "D:/Data/HashicorpVault/Prot/Tls/HashicorpVault.crt.pem"
  tls_key_file = "D:/Data/HashicorpVault/Prot/Tls/HashicorpVault.private.key.pem"
}
disable_mlock = true
api_addr = "https://127.0.0.1:8200"
cluster_addr = ""
ui = true
log_level = "debug"
log_file = "D:/DATA/HashicorpVault/Logs/HashicorpVault.log"
What have I missed?