Hi AWS, I am installing Vault server on an Amazon Windows 11 platform. The steps I have performed so far are:
- Installed the Vault executable zip. Unzipped it and stored it at `C:\vault\vault.exe`.
- Created the configuration file (vault.hcl) and stored it inside `C:\vault`. The code of the HCL file is:

```hcl
ui = true
cluster_addr = "https://127.0.0.1:8201"
api_addr = "https://127.0.0.1:8200"
disable_mlock = true
storage "file" {
  path = "/vault/data"
}
listener "tcp" {
  address = "127.0.0.1:8200"
  tls_disable = true
}
```
- I created the Vault Windows service and started it. The commands I ran are:

```
sc.exe create Vault binPath="C:\vault\vault.exe agent -config=C:\vault\vault.hcl" displayName="Vault" start=auto
sc.exe start Vault
sc.exe query Vault
```

- Ran the vault server CLI command `vault server -address="https://127.0.0.1:8200" -config="C:\vault\vault.hcl"` and got this output:

```
==> Vault server configuration:
Administrative Namespace:
Api Address: https://127.0.0.1:8200
Cgo: disabled
Cluster Address: https://127.0.0.1:8201
Environment Variables: ALLUSERSPROFILE, APPDATA, AWS Copilot, COMPUTERNAME, ChocolateyInstall, ChocolateyLastPathUpdate, ComSpec, CommonProgramFiles, CommonProgramFiles(x86), CommonProgramW6432, DriverData, GIT_LFS_PATH, GOPATH, HOMEDRIVE, HOMEPATH, LOCALAPPDATA, LOGONSERVER, NUMBER_OF_PROCESSORS, OPENSSL_CONF, OS, OneDrive, OneDriveConsumer, OnlineServices, PATHEXT, PROCESSOR_ARCHITECTURE, PROCESSOR_IDENTIFIER, PROCESSOR_LEVEL, PROCESSOR_REVISION, PSModulePath, PUBLIC, Path, ProgramData, ProgramFiles, ProgramFiles(x86), ProgramW6432, RegionCode, SystemDrive, SystemRoot, TEMP, TMP, USERDOMAIN, USERDOMAIN_ROAMINGPROFILE, USERNAME, USERPROFILE, VAULT_ADDR, VAULT_SKIP_VERIFY, VBOX_MSI_INSTALL_PATH, platformcode, windir
Go Version: go1.22.5
Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", disable_request_limiter: "false", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level:
Mlock: supported: false, enabled: false
Recovery Mode: false
Storage: file
Version: Vault v1.17.3, built 2024-08-06T14:28:45Z
Version Sha: c91c85442144e1228c02123fc4b19337f7d52700
==> Vault server started! Log data will stream in below:
2024-08-28T22:16:33.942+0530 [INFO] proxy environment: http_proxy="" https_proxy="" no_proxy=""
2024-08-28T22:16:33.945+0530 [INFO] incrementing seal generation: generation=1
2024-08-28T22:16:33.946+0530 [INFO] core: Initializing version history cache for core
2024-08-28T22:16:33.946+0530 [INFO] events: Starting event system
```

- Then I explicitly set this environment variable using Windows PowerShell, i.e. `$Env:VAULT_ADDR='https://127.0.0.1:8200'`
- When I ran `vault status`, I got this error:

```
Error checking seal status: Get "https://127.0.0.1:8200/v1/sys/seal-status": http: server gave HTTP response to HTTPS client
```
- I further ran the `vault operator diagnose -config="C:\vault\vault.hcl"` command and got this output:

```
Vault v1.17.3 (c91c85442144e1228c02123fc4b19337f7d52700), built 2024-08-06T14:28:45Z
Results:
[ failure ] Vault Diagnose: HCP link check will not run on OSS Vault.
[ success ] Check Operating System
[ success ] Check Disk Usage: C: usage ok.
[ success ] Parse Configuration
[ warning ] Check Telemetry: Telemetry is using default configuration
By default only Prometheus and JSON metrics are available. Ignore this warning if you are using telemetry or are using these metrics and are satisfied with the default retention time and gauge period.
[ success ] Check Storage
[ success ] Create Storage Backend
[ success ] Check Storage Access
[ success ] Determine Redirect Address
[ success ] Check Cluster Address: Cluster address is logically valid and can be found.
[ success ] Create Core Configuration
[ success ] Initialize Randomness for Core
[ success ] HA Storage
[ skipped ] Check HA Consul Direct Storage Access: No HA storage stanza is configured.
[ success ] Create HA Storage Backend
[ success ] Check Core Creation
[ skipped ] Check Service Discovery: No service registration configured.
[ success ] Create Vault Server Configuration Seals
[ skipped ] Check Transit Seal TLS: No transit seal found in seal configuration.
[ skipped ] Check For Autoloaded License: License check will not run on OSS Vault.
[ failure ] Start Listeners
[ warning ] Check Listener TLS: Listener at address 127.0.0.1:8200: TLS is disabled in a listener config stanza.
[ failure ] Create Listeners: Error initializing listener of type tcp: listen tcp 127.0.0.1:8200: bind: Only one usage of each socket address (protocol/network address/port) is normally permitted.
[ success ] Check Server Before Runtime
[ success ] Finalize Shamir Seal
[ skipped ] Check Autounseal Encryption: Skipping barrier encryption test. Only supported for auto-unseal.
```

In order to troubleshoot it, I ran the command `netstat -ano | findstr :8200` and killed the processes using the same port, but I am still experiencing the error. There are no logs collected either.

Please acknowledge and help me out, as I have spent the whole day on this and am still not able to install Vault server successfully. I also didn't find a suitable document for configuring Vault server on the Windows platform.
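
The `server gave HTTP response to HTTPS client` error above means the client URL scheme and the listener's TLS setting disagree. The following is an added example, not part of the original post: it compares `api_addr` and `VAULT_ADDR` against each `listener "tcp"` stanza and also reports plaintext listeners. The function names are hypothetical, and the regex parsing is a simplification that assumes flat stanzas like those in the posted file.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the vault.hcl quoted in the post above.
SAMPLE_HCL = '''
ui = true
cluster_addr = "https://127.0.0.1:8201"
api_addr = "https://127.0.0.1:8200"
disable_mlock = true
storage "file" {
  path = "/vault/data"
}
listener "tcp" {
  address = "127.0.0.1:8200"
  tls_disable = true
}
'''

# Matches a tcp listener stanza up to its first closing brace (no nested blocks).
LISTENER_RE = re.compile(r'listener\s+"tcp"\s*\{(.*?)\}', re.S)

def _attr(text, key):
    """Value of a `key = value` line, quoted or bare, or None if absent."""
    m = re.search(rf'^\s*{key}\s*=\s*"?([^"\n]+?)"?\s*$', text, re.M)
    return m.group(1) if m else None

def parse_listeners(hcl):
    """Map each listener's host:port to the scheme a client must use."""
    schemes = {}
    for body in LISTENER_RE.findall(hcl):
        addr = _attr(body, "address")
        if addr is None:
            continue  # stanza without an explicit address is skipped here
        tls_off = (_attr(body, "tls_disable") or "false").lower() in ("true", "1")
        schemes[addr] = "http" if tls_off else "https"
    return schemes

def check_addresses(hcl, env_vault_addr=None):
    """Return findings for scheme mismatches and plaintext listeners."""
    listeners = parse_listeners(hcl)
    findings = []
    urls = {"api_addr": _attr(hcl, "api_addr"), "VAULT_ADDR": env_vault_addr}
    for name, url in urls.items():
        if not url:
            continue
        parts = urlsplit(url)
        expected = listeners.get(parts.netloc)
        if expected and parts.scheme != expected:
            findings.append(f"{name}={url} uses {parts.scheme}, "
                            f"but listener {parts.netloc} serves {expected}")
    for addr, scheme in listeners.items():
        if scheme == "http":
            findings.append(f"listener {addr} has TLS disabled (plaintext)")
    return findings
```
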

I have performed all the troubleshooting steps you provided above, and when I ran the command `vault server -config="C:\vault\vault.hcl"`, I got this error:

Here is the updated vault.hcl: