Skip to main content

Configure Piiano Vault to use TLS

Learn how to configure Piiano Vault to use the Transport Layer Security (TLS) cryptographic protocol to protect data in motion

To configure Dev edition or the Server edition to use TLS (and listen as HTTPS), use one of these options:

  1. Set the environment variable PVAULT_TLS_ENABLE to 1, set PVAULT_TLS_CERT_FILE to the TLS certificate location, and PVAULT_TLS_KEY_FILE to the private key location. For example, if running Vault Dev, add these flags to the docker run command:

    -v $(pwd):/certs -e \
    -e PVAULT_TLS_CERT_FILE=/certs/pvault.crt \
    -e PVAULT_TLS_KEY_FILE=/certs/pvault.key \

    Then, use this command to generate the key and certificate:

    openssl req -newkey rsa:2048 -nodes -keyout pvault.key -x509 -days 365 -out pvault.crt -subj "/CN=localhost/O=Piiano"
  2. Set the environment variable PVAULT_TLS_SELFSIGNED to true to instruct Vault to generate and use a self-signed certificate that is valid for 1 year. The default toolchains do not trust this certificate. To accept the certificate, configure the client to allow insecure connections (for example, by running curl -k when using cURL).

On this page