How to Install Hashicorp Vault on CentOS 7

December 17, 2019


Vault stores, controls, and protects the data used for authentication and authorization. Vault is a management system for secrets, restricting or approving access to passwords, certificates, or APIs. It also provides data encryption, on-demand secrets, and revocation.

In this tutorial, learn how to install Vault on CentOS and run Vault as a service.

guide on how to install hashicorp vault on centos


  • A CentOS Linux system
  • A user account with sudo privileges
  • Access to a command-line/terminal window (Ctrl+Alt+F2)

Install Vault from Binary on CentOS

1. Before installing Vault, create a new directory in Linux using the mkir command to store the binary package and other necessary data for the software. To illustrate, we will name it “directory” and run the following command to create it:

sudo mkdir -p /opt/vault/directory

2. With the directory set up, move on to downloading the binary from Vault’s official website. Navigate to the website and click on the blue Download icon.

3. Find the appropriate package for your CentOS operating system (Linux) and click on the tile.

4. You will see the Linux icon and a Download button. Right-click on the button and select Copy Link Location.

download vault for linux

5. Next, go back to the command line. Use the wget command and the link location you copied in the previous step to download the binary:

sudo wget

6. Then, unzip the package using the command:

example of installing vault from the binary on CentOS

7. After unzipping, type:

sudo chown root:root vault
sudo mv vault /usr/local/bin/ (or to som other DIR that's present in your $PATH

8. Verify Vault is running with the command:

vault --version

The output displays the version of Vault running on the system.

For additional information, you can prompt the help page with the command:


Note: Vault 1.2.3 is currently the newest version. However, newer releases may be available by the time of your installation.

Configuring Vault

Create a Service User for Vault

It is best to consider privileged account security and have a separate non-privileged system user for running a Vault server.

Use the following command to create a system user and grant ownership of the installation directory:

sudo useradd --system -home /etc/vault.d - shell /bin/false vault

Check to see if you have successfully created the service user with:

sudo grep vault /etc/passwd

The output should show something like the line below:


Run Vault as a Service

To run Vault as a service, you also need to create a new Systemd service file:

sudo vi/etc/systemd/system/vault.service

Then, add the content below:

Description="HashiCorp Vault - A tool for managing secrets"

CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
ExecStart=/usr/local/bin/vault server -config=/etc/vault.d/vault.hcl
ExecReload=/bin/kill --signal HUP $MAINPID


Enable and start the service with the commands:

sudo systemctl enable vault.service
sudo systemctl start vault.service

Prepare to Administer Vault

The next step is to move the Vault bin directory to the PATH environment variable with the command:

export PATH=$PATH:/opt/vault/bin
echo "export PATH=$PATH:/opt/vault/bin" >> ~/.bashrc
preparing to initialize vault

Followed by setting the environment variables for Vault by typing:

echo "export VAULT_ADDR=" >> ~/.bashrc

Initialize and Unseal your Vault

To initialize and unseal Vault, you will first need to start Vault as a server in the dev mode. However, make sure not to run a dev server in production.

Run the following command:

vault server -dev

The command produces an output that includes the server configuration, the unseal key, and root token. Save the unseal key and root token values, as you will need them in the next steps.

Note: As Vault does not fork, you need to open another shell or terminal to run the following commands.

Start by setting the environment variable. You will find this command as part of the output from the previous steps:

export VAULT_ADDR=’’

Then, run the following command with the information from the dev server’s output:


Check the status of the server:

valut status

The output should display that Vault is now initialized and no longer sealed.

Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.2.3
Cluster Name    vault-cluster-18e6bce0
Cluster ID      16382125-eb14-f23a-8145-ad64eee072cf
HA Enabled      false


After reading this article, you have installed and configured Vault on CentOS 7 successfully. Although the installation includes numerous steps, if you follow the guide, you should not have any issues.

Was this article helpful?
Sofija Simic
Sofija Simic is an experienced Technical Writer. Alongside her educational background in teaching and writing, she has had a lifelong passion for information technology. She is committed to unscrambling confusing IT concepts and streamlining intricate software installations.
Next you should read
DNS Best Practices for Security and Performance
November 11, 2019

DNS management is a significant hurdle in enterprise environments. DNS infrastructure needs to be organized...
Read more
How to Install NMAP on Ubuntu
December 17, 2019

This article will help you how to install Nmap on Ubuntu as well as explore some of the options it has...
Read more
21 Server Security Tips to Secure Your Server
January 11, 2023

Hackers are always on the lookout for server vulnerabilities. Minimize risks and be confident your data...
Read more
How to Reset or Change the Root Password in Linux
October 22, 2018

In Linux, root privileges (or root access) refers to a user account that has full access to all files...
Read more