HashiCorp Vault from zero to production
An interactive, step-by-step guide to centralized secrets management. Replace static credentials with dynamic, short-lived, auditable secrets across your entire homelab.
🔐
What you'll build
A Vault server that manages all lab secrets, issues short-lived SSH certificates, runs an internal PKI CA, and integrates with your existing Ansible and Terraform workflows.
👤
Who this is for
Sysadmins who have completed the TF and Ansible guides (or equivalent) and want to replace static secrets with dynamic, auditable secrets management.
☑️
How it works
Expand each step to read the explanation, then check it off. Progress is saved in your browser.
🗂️
Prerequisites
A running Ubuntu server. Familiarity with the TF and Ansible guides is recommended but not required.
Note:
This guide uses Ubuntu. Commands are easily adapted for RHEL/Rocky.
Sync Progress
Copy this URL and open it in another browser to restore your progress.