For more info, refer to the official documentation.
You can use your Vault UI endpoint to walk you through the unseal process. Store your unseal and root keys very carefully and securely!
You will need the root token for the initial Vault configuration. After that, you can use just the Cloudflare Access JWTs to authenticate against Vault and get a scoped token with a TTL back.
- Replace (two occurrences!) `YOUR_CREATED_TF_STATE_BUCKET_NAME` in `providers.tf`
- Change required values in `vault.auto.tfvars`
  ```hcl
  cloudflare_teams_name = "your-cloudflare-for-teams-team-name"
  # emails to assign admin policy to
  vault_admins = [ "you@example.com" ]
  ```
- Adjust the optional values in `vault.auto.tfvars` if needed
- Export Cloudflare credentials (alternatively you will be asked to pass them in by Terraform on each command)
  ```sh
  # vault root token
  export TF_VAR_VAULT_ROOT_TOKEN=
  ```
- Run `terraform init`
- Run `terraform apply` and confirm changes
- Terraform will output commands for getting a fresh Vault token using Cloudflare Access JWT auth
- You are done and your Zero-Trust Vault is configured!
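
To make concrete what "Cloudflare Access JWT auth" with a scoped, TTL-bound token involves on the Vault side, here is an added Terraform sketch; it is not this repository's own code. `cloudflare_teams_name` and `vault_admins` come from the steps above; `cloudflare_access_aud`, the `jwt` mount path, the `admin` role and policy names, the policy body and the TTL values are assumptions.

```hcl
# Added example, not the repository's code. Names marked "assumed" are illustrative.
variable "cloudflare_teams_name" { type = string }
variable "vault_admins" { type = list(string) }
variable "cloudflare_access_aud" {
  type        = string
  description = "AUD tag of the Access application in front of Vault (assumed name)"
}

locals {
  access_issuer = "https://${var.cloudflare_teams_name}.cloudflareaccess.com"
}

# Vault verifies Access JWT signatures against the team's published signing keys
# and rejects tokens minted by any other issuer.
resource "vault_jwt_auth_backend" "cloudflare_access" {
  path         = "jwt" # assumed mount path
  type         = "jwt"
  jwks_url     = "${local.access_issuer}/cdn-cgi/access/certs"
  bound_issuer = local.access_issuer
}

# Assumed policy body; scope it to what admins actually need.
resource "vault_policy" "admin" {
  name   = "admin"
  policy = <<-EOT
    path "*" {
      capabilities = ["create", "read", "update", "delete", "list", "sudo"]
    }
  EOT
}

resource "vault_jwt_auth_backend_role" "admin" {
  backend    = vault_jwt_auth_backend.cloudflare_access.path
  role_name  = "admin"
  role_type  = "jwt"
  user_claim = "email"

  # Only tokens issued for this Access application are accepted ...
  bound_audiences = [var.cloudflare_access_aud]
  # ... and only when the email claim matches one of the listed admins.
  bound_claims = { email = join(",", var.vault_admins) }

  token_policies = [vault_policy.admin.name]
  token_ttl      = 3600  # assumed: 1 hour
  token_max_ttl  = 14400 # assumed: 4 hours
}
```

The three bindings (issuer, audience, email claim) are what keep a valid Access JWT for some other application or user from being exchanged for a Vault token, so check each of them in the applied configuration.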