Getting started with secret management doesn't have to be intimidating. In this HashiCorp Vault tutorial for beginners, you'll learn how to deploy Vault using Docker in just 15 minutes, no prior DevOps experience required. Whether you're a solo developer or part of a growing team, Vault gives you a secure way to manage secrets, environment variables, and credentials. Let's dive in.

What Is HashiCorp Vault and Why Use It?

Secrets Management 101

Secrets are sensitive data like API keys, database passwords, tokens, and encryption keys. Storing them in .env files or hardcoding them into apps is risky.

Why Choose Vault?

HashiCorp Vault is a powerful tool used by companies like GitHub and Stripe to manage and protect secrets. It supports encryption, access control, auditing, and dynamic secrets all in one centralized system.

What You Need Before Starting

Prerequisites

To follow this Vault Docker tutorial, you'll need:

  • Docker and Docker Compose installed
  • A terminal (Linux, macOS, or WSL for Windows users)

Folder Setup

Create a working folder:

mkdir vault-docker-demo && cd vault-docker-demo

Step 1: Set Up HashiCorp Vault with Docker

Create a Minimal docker-compose.yml

Here's a basic setup for local development:

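version: '3.7'
services:
  vault:
    image: hashicorp/vault:latest
    container_name: vault
    ports:
      # Publish on loopback only: dev mode serves plain HTTP with a known root token
      - "127.0.0.1:8200:8200"
    environment:
      # Fixed root token, acceptable for local testing only
      VAULT_DEV_ROOT_TOKEN_ID: root
      # Address the Vault CLI inside the container connects to
      VAULT_ADDR: http://127.0.0.1:8200
    cap_add:
      - IPC_LOCK
    command: server -dev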

Save this file in your project directory.

Start Vault in Dev Mode

docker-compose up -d

This runs Vault in dev mode, ideal for testing. It's not secure for production but perfect for this HashiCorp Vault tutorial for beginners.

Step 2: Access and Initialize Vault

Visit the Vault UI

Open your browser and go to: http://localhost:8200

Use the root token: root (from VAULT_DEV_ROOT_TOKEN_ID)

CLI Access (Optional but Powerful)

To enter the container and use Vault CLI:

docker exec -it vault /bin/sh

Inside, try:

vault status

You should see Vault is initialized and unsealed in dev mode.

Step 3: Store and Read Your First Secret

Let's create your first secret using Vault's Key-Value (KV) secrets engine. If the CLI rejects these commands as unauthenticated, log in with the root token first.

Enable the KV v2 Secrets Engine

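vault secrets enable -path=secret kv-v2

In dev mode Vault already mounts a KV v2 engine at secret/, so this command reports that the path is already in use and can be skipped. You need it only on a server that isn't running in dev mode.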

Store a Secret

vault kv put secret/my-api api_key=1234567890abcdef

Read the Secret

vault kv get secret/my-api

You'll see the stored API key. That's your first secret secured!
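
An added example (not part of the original tutorial) of reading the same secret from application code over Vault's HTTP API, with the token taken from the environment instead of being hardcoded. It shows the two KV v2 details the CLI hides: the extra data/ segment in the API path and the nested data.data response. The function names are illustrative and the sample response is constructed.

```python
import json
import os
import urllib.request

def kv2_url(addr, mount, path):
    """KV v2 serves secret data under <mount>/data/<path>, not <mount>/<path>."""
    return f"{addr.rstrip('/')}/v1/{mount.strip('/')}/data/{path.strip('/')}"

def extract_kv2(body):
    """Return (fields, version) from a KV v2 read response.

    The key/value pairs sit under data.data; data.metadata carries the version.
    """
    payload = body.get("data") or {}
    fields = payload.get("data")
    if fields is None:  # guard against a body that lacks the nested data object
        raise LookupError("response has no data.data object")
    return fields, payload.get("metadata", {}).get("version")

def read_secret(mount, path):
    """Fetch a secret using VAULT_ADDR and VAULT_TOKEN from the environment."""
    req = urllib.request.Request(
        kv2_url(os.environ["VAULT_ADDR"], mount, path),
        headers={"X-Vault-Token": os.environ["VAULT_TOKEN"]},
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return extract_kv2(json.load(resp))

# Constructed sample of the response shape for the secret stored above.
SAMPLE = json.loads("""
{"data": {"data": {"api_key": "1234567890abcdef"},
          "metadata": {"version": 1, "deletion_time": "", "destroyed": false}}}
""")

if __name__ == "__main__":
    if "VAULT_ADDR" in os.environ and "VAULT_TOKEN" in os.environ:
        fields, version = read_secret("secret", "my-api")
    else:
        fields, version = extract_kv2(SAMPLE)  # offline fallback on the sample
    # Print key names only, never the secret values.
    print(f"version {version}: keys = {sorted(fields)}")
```

Run it on the host with VAULT_ADDR set to http://localhost:8200 and VAULT_TOKEN set to the dev root token; without them it parses the constructed sample.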

Step 4: Bonus: Use the Vault UI to Store a Secret

Prefer point-and-click?

  1. Visit http://localhost:8200
  2. Log in with the root token
  3. Navigate to Secrets → KV → Create secret
  4. Set path to my-ui-secret, key to db_pass, value to supersecret123

Security Tips for Beginners

Even in dev mode, it's worth learning safe practices:

  • Never use dev mode in production. It disables security features.
  • Don't hardcode root tokens. Use authentication methods like AppRole or GitHub OAuth.
  • Enable TLS encryption. Vault transmits sensitive data, so use HTTPS in real deployments.