Lab 4 - Cloud Data Encryption Using Vault (Cloud Security)

Uploaded by

irtzaarts

This document is the property of Al Nafi.

Any unauthorized redistribution or reproduction, including in printed form, is strictly prohibited. This document can only be read electronically.

Lab 4: Cloud Data Encryption using Vault (Cloud Security)

Objectives
Secure sensitive cloud data using encryption techniques.

TASKS:
Store and retrieve encrypted data in AWS S3 using Vault's encryption capabilities.

Steps to Set Up Vault for Cloud Data Encryption

Step 1: Install and Configure Vault

1. Launch a cloud VM (e.g., AWS EC2) to act as your Vault server.

2. Install Vault on your VM:
● Download and install Vault from the official Vault downloads page.

wget https://releases.hashicorp.com/vault/<version>/vault_<version>_linux_amd64.zip
unzip vault_<version>_linux_amd64.zip
sudo mv vault /usr/local/bin/

3. Start Vault in development mode for simplicity:

vault server -dev

This starts Vault already unsealed and prints a root token, e.g., root. Dev mode keeps all data in memory, so keys and secrets are lost when the server stops.

Step 2: Enable Transit Secrets Engine


1. Log into Vault using the provided root token:

export VAULT_ADDR='http://127.0.0.1:8200'
vault login <root_token>

2. Enable the Transit engine, which handles encryption and decryption operations:

vault secrets enable transit


3. Create an encryption key named my-key:

vault write -f transit/keys/my-key

Step 3: Set Up AWS S3 Bucket

1. Create an S3 bucket in AWS where you will store encrypted data. Note the bucket
name for future steps.

2. Configure AWS CLI on your machine if not already configured:

aws configure

Enter your AWS Access Key, Secret Key, region, and output format.

Step 4: Encrypt Data with Vault

1. Encrypt some data using Vault’s transit encryption:


vault write transit/encrypt/my-key plaintext=$(base64 <<< "Sensitive Data to Encrypt")

The result will be a ciphertext that can be safely stored in S3.



2. Store the encrypted data (the full ciphertext string, including its vault:v1: prefix) in your S3 bucket:

echo "vault:v1:your_encrypted_data" > encrypted_data.txt



aws s3 cp encrypted_data.txt s3://your-bucket-name/



Step 5: Retrieve and Decrypt Data



1. Retrieve the encrypted data from S3:

aws s3 cp s3://your-bucket-name/encrypted_data.txt .

2. Decrypt the data using Vault:

vault write transit/decrypt/my-key ciphertext="vault:v1:your_encrypted_data"


Vault will return the decrypted data, base64-encoded, in the plaintext field; decode it to recover the original text.
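Steps 4 and 5 as one script, added here as an example and not part of the original lab: it captures the ciphertext with -field, checks the vault:v<version>: prefix before upload and after download, and base64-decodes the decrypted value. It assumes VAULT_ADDR and a Vault token are set as in Step 2 and the AWS CLI is configured as in Step 3; the function names and the BUCKET variable are illustrative.

```shell
#!/bin/sh
# Added example (not from the lab): Steps 4-5 as reusable functions.
KEY_NAME="my-key"                      # Transit key created in Step 2
BUCKET="${BUCKET:-your-bucket-name}"   # placeholder bucket name from the lab
OBJECT="encrypted_data.txt"

# True if $1 has the Transit ciphertext shape vault:v<version>:<data>.
is_transit_ciphertext() {
    case "$1" in
        vault:v[0-9]*:?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Encrypt $1 with Vault and upload only the ciphertext to S3.
encrypt_and_upload() {
    # printf avoids the trailing newline that `<<<` or echo adds to the plaintext
    b64=$(printf '%s' "$1" | base64 | tr -d '\n')
    ct=$(vault write -field=ciphertext "transit/encrypt/$KEY_NAME" plaintext="$b64") || return 1
    # Refuse to upload anything that is not Vault ciphertext (e.g. an error message)
    is_transit_ciphertext "$ct" || { echo "unexpected Vault output" >&2; return 1; }
    printf '%s\n' "$ct" > "$OBJECT"
    aws s3 cp "$OBJECT" "s3://$BUCKET/$OBJECT" >/dev/null
}

# Download the object, reject non-ciphertext content, then decrypt and decode.
download_and_decrypt() {
    aws s3 cp "s3://$BUCKET/$OBJECT" "$OBJECT" >/dev/null || return 1
    ct=$(tr -d '\r\n' < "$OBJECT")
    is_transit_ciphertext "$ct" || { echo "object is not Transit ciphertext" >&2; return 1; }
    # Vault returns the plaintext base64-encoded; decode it to get the original bytes
    pt_b64=$(vault write -field=plaintext "transit/decrypt/$KEY_NAME" ciphertext="$ct") || return 1
    printf '%s' "$pt_b64" | base64 -d
}

# Run the round trip only when invoked as: ./lab4.sh run "some text"
if [ "${1:-}" = "run" ]; then
    encrypt_and_upload "${2:-Sensitive Data to Encrypt}" && download_and_decrypt
fi
```

Because the plaintext never leaves the VM unencrypted, the bucket only ever holds the vault:v1:... string; reading it back requires access to the Transit key in Vault.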

Summary

In this lab, you learned how to use HashiCorp Vault to encrypt sensitive data and store it in AWS
S3. You also learned how to retrieve and decrypt the data using Vault’s encryption capabilities,
ensuring the security of cloud
