Installation
Install Hashicorp Vault (option)
To use this plugin Hashicorp Vault is needed. Follow instruction from Vault installation guide
How to register the plugin
Add the following parameter in the configuration file config.hcl
plugin_directory
- must contain the absolute path to the directory where the plugins are stored
Command to register the plugin
$ vault plugin register -sha256={binary_checksum} secret securosys-hsm
How to enable the plugin
After building the plugin, before running it on test server, it must be enabled with the following command:
$ vault secrets enable securosys-hsm
The result should be
$ Success! Enabled the securosys-hsm secrets engine at: securosys-hsm/
Upgrade the plugin
To upgrade a binary of an existing working plugin, follow the steps below:
- Copy the new plugin binary to the plugin_directory.
- Register a new version of the plugin.
$ vault plugin register -sha256={binary_checksum} -version={new-version} secret securosys-hsm
- Tune the existing mount to reconfigure it to use the newly registered version.
$ vault secrets tune -plugin-version={new-version} securosys-hsm
- Reload the plugin
$ vault plugin reload -plugin securosys-hsm