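Vault can be used to manage secret keys, encrypt data, perform identity-based authorization, and more.
First install Longhorn as the persistent storage that provides PVs.
Add the Helm repository https://helm.releases.hashicorp.com
Set the values: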
dataStorage.size = 1Gi
Vault requires an initialization step:
vault operator init
/ $ vault operator init
Unseal Key 1: 0knf13iA1JvSgIixWC5VMQKtcyHbrfBWoqxSWGKAbuCY
Unseal Key 2: UDcCwhlGcYpdRvYvfLD51hdFTh6QXIjxP3NCMATF6hys
Unseal Key 3: fpO7dILIfIMB6pfOy/IRb5U1zMpELWSWbjUXalwlhYkP
Unseal Key 4: oy4BRHPogCxaF231MfIQjwdF0GNZGcVJRDjwrNvW+yki
Unseal Key 5: sOwl2LUwW0ZZYlgh/T0H9Ajw4VHVwsKuRIMhdvwfGfKw
Initial Root Token: s.sJSDGrPe7rwnb5NDUs5VzPon
Vault initialized with 5 key shares and a key threshold of 3. Please securely
distribute the key shares printed above. When the Vault is re-sealed,
restarted, or stopped, you must supply at least 3 of these keys to unseal it
before it can start servicing requests.
Vault does not store the generated master key. Without at least 3 key to
reconstruct the master key, Vault will remain permanently sealed!
It is possible to generate new unseal keys, provided you have a quorum of
existing unseal keys shares. See "vault operator rekey" for more information.
/ $
Then unseal Vault with the unseal keys:
export VAULT_TOKEN=s.sJSDGrPe7rwnb5NDUs5VzPon
vault operator unseal 0knf13iA1JvSgIixWC5VMQKtcyHbrfBWoqxSWGKAbuCY
vault operator unseal UDcCwhlGcYpdRvYvfLD51hdFTh6QXIjxP3NCMATF6hys
vault operator unseal fpO7dILIfIMB6pfOy/IRb5U1zMpELWSWbjUXalwlhYkP
vault operator unseal oy4BRHPogCxaF231MfIQjwdF0GNZGcVJRDjwrNvW+yki
vault operator unseal sOwl2LUwW0ZZYlgh/T0H9Ajw4VHVwsKuRIMhdvwfGfKw
vault status
That completes the setup.
You can see that file is used as the storage by default.
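The init output above states that 3 of the 5 key shares are enough to unseal, and `vault status` reports the unseal progress and the storage type. The following is an added example, not part of the original post: a POSIX shell helper that reads `vault status` table output and prompts for shares until the threshold is met. The function names and the `SAMPLE_STATUS` text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). SAMPLE_STATUS is constructed
# to resemble `vault status` table output for the 5-share / threshold-3 setup.
SAMPLE_STATUS='Key                Value
---                -----
Seal Type          shamir
Initialized        true
Sealed             true
Total Shares       5
Threshold          3
Unseal Progress    1/3
Storage Type       file
HA Enabled         false'

# Print the Value column for one Key row of `vault status` output on stdin.
status_field() {
    awk -v key="$1" 'index($0, key) == 1 {
        rest = substr($0, length(key) + 1)
        if (rest ~ /^[ \t]+/) {
            gsub(/^[ \t]+|[ \t\r]+$/, "", rest); print rest; exit
        }
    }'
}

# Print how many more key shares are needed (0 if unsealed); fail if unparsable.
shares_still_needed() {
    _st=$(cat)
    case $(printf '%s\n' "$_st" | status_field "Sealed") in
        false) echo 0 ;;
        true)
            _thr=$(printf '%s\n' "$_st" | status_field "Threshold")
            _prog=$(printf '%s\n' "$_st" | status_field "Unseal Progress")
            [ -n "$_thr" ] && [ -n "$_prog" ] || return 1
            echo $(( _thr - ${_prog%%/*} )) ;;
        *) return 1 ;;
    esac
}

# Submit shares one at a time until the threshold is met. With no argument,
# `vault operator unseal` prompts for the key with hidden input, so shares
# stay out of shell history and the process list.
unseal_interactively() {
    while :; do
        _out=$(vault status) || [ $? -eq 2 ] || return 1   # exit 2 = sealed
        _need=$(printf '%s\n' "$_out" | shares_still_needed) || return 1
        [ "$_need" -gt 0 ] || return 0
        echo "$_need more key share(s) required" >&2
        vault operator unseal || return 1
    done
}
```

Run `unseal_interactively` inside the Vault pod after sourcing the file; it stops as soon as `vault status` reports `Sealed false`.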