Vault

Hashicorp Vault is a secrets management platform, providing secure storage and encryption of sensitive data such as passwords, API keys, and certificates. University of Münster CIT operates a Vault instance for securely managing and orchestrating access to sensitive information across various systems and services.

We operate a Hashicorp Vault instance for secure secrets management within the Uni Cloud Münster environment.

The Vault provides a centralized location for storing, retrieving, and rotating sensitive credentials, such as passwords, API keys, and certificates. It supports various secret engines, including KV (Key-Value), transit, and PKI.

It is accessible at the URL https://vault.uni-muenster.de.

Authentication

GUI

To access the Vault go to https://vault.uni-muenster.de. Then log in by clicking “Sign in with OIDC Provider” on the Vault login page. You need to authenticate using your university account credentials.

CLI

Prerequisite: Install the Vault CLI on your machine by downloading the binary from the official Vault website or by using a package manager.

First configure the VAULT_ADDR environment variable by running:

export VAULT_ADDR=https://vault.uni-muenster.de

Then, authenticate with Vault using the OIDC method by executing:

vault login -method=oidc

Follow the subsequent OIDC authentication workflow in your web browser to complete the login process.

Wrapped Secrets

Wrapping and Unwrapping with Vault: A Step-by-Step Guide