Install

Install vHSM to effectively managing identities and access controls for workloads spread across multiple clouds and on-premises environments

Installing vHSM

Note: To install vHSM you need an enterprise licence. You also need access to enclaive repository to download the precompiled binary. Contact support to get an enterprise licence.

You can install vHSM using a docker image, helm chart, or compile from source

  1. Pull the latest image: docker pull harbor.enclaive.cloud/enclaive-dev/vhsm:latest

  2. Set the enterprise license key that you received as an environment variable: export ENCLAIVE_LICENCE=<licence-key>

  3. Start a docker container named vhsm-containerwith the image that you pulled:

docker run -d --name vhsm-container -p 8200:8200 -p 8201:8201 -e ENCLAIVE_LICENCE="$ENCLAIVE_LICENCE" harbor.enclaive.cloud/vhsm/vhsm:latest

  1. Check if the container is running:docker ps

  2. Access the logs of the container to get the environment variable, unseal key, and root token details.

The output is similar to:


WARNING! dev mode is enabled! In this mode, vHSM runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.

You may need to set the following environment variables:

    $ export VAULT_ADDR='http://0.0.0.0:8200'

The unseal key and root token are displayed below in case you want to
seal/unseal the vHSM or re-authenticate.

Unseal Key: pafYkq2uEVve3FW7n7RM6JUK/MWEHzAxvrEdlrb4QD4=
Root Token: hvs.7oXsG8t8L198HEpB865FdpFG

Development mode should NOT be used in production installations!
  1. Set the environment variables for accessing vHSM. Save the unseal key, and the root token. You will need these key, and token to access the vHSM UI.

  2. You can now go to a browser and access vHSM ui at: http://127.0.0.1:8200/

Note: To install vHSM as a production server you need to create a `config.json` file. For more information , see Configuration.

Downloading the CLI

To interact with vHSM you can use the Hashicorp Vault CLI or enclaive vHSM CLI.

Download the Linux CLI from the vHSM server

wget https://vhsm.enclaive.cloud/static/vhsm

Last updated

Was this helpful?