Skip to main content

Installation

Install Hashicorp Vault (option)

To use this plugin Hashicorp Vault is needed. Follow instruction from Vault installation guide

How to register the plugin

Add the following parameter in the configuration file config.hcl

  • plugin_directory - must contain the absolute path to the directory where the plugins are stored

Command to register the plugin

$ vault plugin register -sha256={binary_checksum} secret securosys-hsm

How to enable the plugin

After building the plugin, before running it on test server, it must be enabled with the following command:

$ vault secrets enable securosys-hsm

The result should be

$ Success! Enabled the securosys-hsm secrets engine at: securosys-hsm/

Upgrade the plugin

To upgrade a binary of an existing working plugin, follow the steps below:

  1. Copy the new plugin binary to the plugin_directory.
  2. Register a new version of the plugin. 
    $ vault plugin register -sha256={binary_checksum} -version={new-version} secret securosys-hsm
  3. Tune the existing mount to reconfigure it to use the newly registered version. 
    $ vault secrets tune -plugin-version={new-version}  securosys-hsm
  4. Reload the plugin 
    $ vault plugin reload -plugin securosys-hsm