Installer for HashiCorp Vault - Automated Installation

Automatically Download, Extract and Install Latest or Specific Version

---

The vault-install script automates the process of downloading and installing HashiCorp Vault. It provides an ideal method for installing on new hosts, installing updates and downgrading if necessary.

This script detects the latest version, OS and CPU-Architecture and allows installation to local or system locations. Optional parameters allow installing a specific version and installing to /usr/local/bin without prompting.

Options:

• -i VERSION: Install specific version
• -a: Automatically use sudo to install to /usr/local/bin
  • allows for unattended installation via scripts or CD tools
  • can be set as default behavior by uncommenting line 14 (sudoInstall=true)
  • sudo password may be required unless NOPASSWD is enabled
• -c: leave binary in working directory (for CI/DevOps use)
• -h: help
• -v: display version

This installer is similar to my Terraform Installer and Packer Installer

Download and Use Locally

Download Installer

curl -LO https://raw.github.com/robertpeteuil/vault-installer/master/vault-install.sh
chmod +x vault-install.sh

Download installer via my bootstrap server (iac.sh or https://iac.sh)

curl iac.sh/vault > getinst.sh
bash getinst.sh
# installer downloaded as vault-install.sh in current directory

Run local installer

./vault-install.sh

# usage: vault-install.sh [-i VERSION] [-a] [-c] [-h] [-v]
#      -i VERSION	: specify version to install in format '' (OPTIONAL)
#      -a		: automatically use sudo to install to /usr/local/bin
#      -c		: leave binary in working directory (for CI/DevOps use)
#      -h		: help
#      -v		: display vault-install.sh version

System Requirements

• System with Bash Shell (Linux, macOS, Windows Subsystem for Linux)
• unzip - vault downloads are in zip format
• curl or wget - script will use either one to retrieve metadata and download

Optional

• jq - if installed, latest version parsed from hashicorp downloads
  • Useful if latest github release differs from version on hashicorp downloads
  • Avoids github api limit of 60 requests per hour (unauthenticated)

Script Process Details

• Determines Version to Download and Install
  • Uses Version specified by -i VERSION parameter (if specified)
  • Otherwise determines Latest Version
    • If jq installed parse version from hashicorp downloads
    • Otherwise use GitHub API to retrieve latest tag
• Calculates Download URL based on Version, OS and CPU-Architecture
• Verifies URL Validity before Downloading in Case:
  • VERSION incorrectly specified with -i
  • Download URL Format Changed on vault Website
• Determines Install Destination
  • Performed before Download/Install Process in case user selects abort
• Installation Process
  • Download, Download SHA, Verify SHA of zip, Extract, Install, Cleanup and Display Results

CPU Architecture Detection

CPU architecture is detected for each OS accordingly:

• Linux / Windows (WSL since this is a Bash script)
  • detected with lscpu or by inspecting /proc/cpuinfo
• macOS - uses Default Arch amd64 as it's the only version available on macOS
• Default Value - amd64

Disclaimer

I am a HashiCorp employee, but this is a personal project and not officially endorsed or supported by HashiCorp.

License

Apache 2.0 License - Copyright (c) 2019 Robert Peteuil