I have installed vault in kubernetes following the guide: https://learn.hashicorp.com/vault/kubernetes/sidecar
helm repo add hashicorp https://helm.releases.hashicorp.com
helm install vault hashicorp/vault --set "server.dev.enabled=true"
This document shows that I should use the root access token: https://learn.hashicorp.com/vault/getting-started/ui
But how do I get the root access token if the installation and auto unwrap was done inside of k8s?
There does not appear to be any secrets created to store this credential. I guess hashicorp team would label that as insecure.
But how then does one get the root token?
When you run the vault in dev mode, the vault is initialized and unsealed automatically. You can see the logs by running
$ kubectl logs -f vault-0
==> Vault server configuration:
Api Address: http://172.18.0.9:8200
Cgo: disabled
Cluster Address: https://vault-0.vault-internal:8201
Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
Log Level: info
Mlock: supported: true, enabled: false
Recovery Mode: false
Storage: inmem
Version: Vault v1.4.2
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.
You may need to set the following environment variable:
$ export VAULT_ADDR='http://0.0.0.0:8200'
The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.
Unseal Key: NINZtDfRBIogOqHQx1hRNhTXTzhAVf9ZqKxNcEKiMyo=
Root Token: root <-- this is the root token