Vault

HashiCorp Vault is a secrets management platform, providing secure storage and encryption of sensitive data such as passwords, API keys, and certificates. University of Münster CIT operates a Vault instance for securely managing and orchestrating access to sensitive information across various systems and services.

We operate a HashiCorp Vault instance for secure secrets management within the Uni Cloud Münster environment.

The Vault provides a centralized location for storing, retrieving, and rotating sensitive credentials, such as passwords, API keys, and certificates. It supports various secret engines, including KV (Key-Value), transit, and PKI.

It is accessible at the URL https://vault.uni-muenster.de.

Authentication

GUI

To access the Vault, go to https://vault.uni-muenster.de. Then log in by clicking “Sign in with OIDC Provider” on the Vault login page. You need to authenticate using your university account credentials.

OIDC Login

Leave the ‘Role’ field blank unless otherwise specified.

CLI

Prerequisite: Install the Vault CLI on your machine by downloading the binary from the official Vault website or by using a package manager.

First, configure the VAULT_ADDR environment variable by running:

export VAULT_ADDR=https://vault.uni-muenster.de

Then, authenticate with Vault using the OIDC method by executing:

vault login -method=oidc

Follow the subsequent OIDC authentication workflow in your web browser to complete the login process.
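
The CLI steps above as a guarded wrapper (an added example, not CIT's own tooling; the function names are hypothetical). It pins VAULT_ADDR to the URL given on this page, logs in with -no-print so the token is not echoed to the terminal, and then shows the identity and policies attached to the new token.

```shell
#!/usr/bin/env bash
# Added example, not CIT's own tooling. Function names are hypothetical.

EXPECTED_VAULT_ADDR="https://vault.uni-muenster.de"   # URL given on this page

# Return 0 only if the address is exactly the expected HTTPS endpoint
# (one trailing slash is tolerated). Rejects http:// and look-alike hosts.
check_vault_addr() {
    local addr="${1%/}"
    [ "$addr" = "$EXPECTED_VAULT_ADDR" ]
}

# Log in via OIDC without echoing the token, then show which identity
# and policies the resulting token carries.
vault_oidc_login() {
    local role="${1:-}"   # optional; leave empty unless told otherwise

    command -v vault >/dev/null 2>&1 || {
        echo "vault CLI not found in PATH" >&2
        return 127
    }

    export VAULT_ADDR="${VAULT_ADDR:-$EXPECTED_VAULT_ADDR}"
    check_vault_addr "$VAULT_ADDR" || {
        echo "refusing to log in: unexpected VAULT_ADDR '$VAULT_ADDR'" >&2
        return 1
    }

    # -no-print keeps the token out of the terminal and scrollback; it is
    # still stored by the token helper (by default in ~/.vault-token).
    if [ -n "$role" ]; then
        vault login -method=oidc -no-print role="$role" || return 1
    else
        vault login -method=oidc -no-print || return 1
    fi

    # Confirm the session: display name, policies and remaining TTL.
    vault token lookup
}
```

Source the file and run vault_oidc_login; the browser-based OIDC workflow then proceeds as described above.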


Wrapped Secrets

Wrapping and Unwrapping with Vault: A Step-by-Step Guide