Server

Explore example configurations for setting up vHSM storage and configuring the vHSM CLI for attestation.

To configure the vHSM server, you must first set up Vault. For details on the various parameters you can configure for Vault, refer to the Parameters section.

Note: After you create the configuration file, -config flag with the vhsm server command and specify the path to the configuration JSON file.

Example 1: To configure vHSM for file storage and Raft storage cluster

To configure the vHSM, Vault must be set up first. Outside of development mode, Vault servers require a persistent storage method for configuration. This configuration is stored in a JSON file.

ui            = true
cluster_addr  = "https://127.0.0.1:8201"
api_addr      = "https://127.0.0.1:8200"
disable_mlock = true

storage "file" {
  path = "/path/to/file/data"
}

listener "tcp" {
  address       = "127.0.0.1:8200"
  tls_cert_file = "/path/to/full-chain.pem"
  tls_key_file  = "/path/to/private-key.pem"
}

telemetry {
  statsite_address = "127.0.0.1:8125"
  disable_hostname = true
}

plugin_directory = "/vault/plugins"

ui            = true
cluster_addr  = "https://127.0.0.1:8201"
api_addr      = "https://127.0.0.1:8200"
disable_mlock = true

storage "raft" {
  path = "/path/to/raft/data"
  node_id = "raft_node_id"
}

listener "tcp" {
  address       = "127.0.0.1:8200"
  tls_cert_file = "/path/to/full-chain.pem"
  tls_key_file  = "/path/to/private-key.pem"
}

telemetry {
  statsite_address = "127.0.0.1:8125"
  disable_hostname = true
}

plugin_directory = "/vault/plugins"

Last updated 4 days ago

Was this helpful?