Persist Vault Data with Amazon S3 as a Storage Backend


In a previous post we set up the Vault server on Docker, using a file backend to persist our data.

In this tutorial we will configure Vault to use Amazon S3 as the storage backend that persists its data.

Provision S3 Bucket

Create the S3 Bucket where our data will reside:

$ aws s3 mb --region=eu-west-1 s3://somename-vault-backend

Vault Config

Create the Vault config, which holds the details of our storage backend and the configuration for the Vault server:

$ vim volumes/config/s3vault.json

Populate the config file with the following details; you only need to provide your own credentials:

{
  "backend": {
    "s3": {
      "region": "eu-west-1",
      "access_key": "ACCESS_KEY",
      "secret_key": "SECRET_KEY",
      "bucket": "somename-vault-backend"
    }
  },
  "listener": {
    "tcp": {
      "address": "",
      "tls_disable": 1
    }
  },
  "ui": true
}
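The config above keeps long-lived AWS keys in a file on disk and turns TLS off on the listener. The following check is an added example, not part of the original post: it flags both settings in a Vault JSON config and shows a constructed counterpart that passes. The function name `audit_vault_config`, the rule ids and the certificate paths are assumptions made for this example; it also accepts the `storage` stanza name and list-form stanzas, which goes slightly beyond the config shown here.

```python
import json

# Constructed sample: the tutorial's config shape with its placeholder values.
TUTORIAL_CONFIG = """{
  "backend": {"s3": {"region": "eu-west-1", "access_key": "ACCESS_KEY",
                     "secret_key": "SECRET_KEY", "bucket": "somename-vault-backend"}},
  "listener": {"tcp": {"address": "", "tls_disable": 1}},
  "ui": true
}"""

# Constructed counterpart: no keys in the file, TLS on. The certificate paths
# are placeholders; the AWS credentials are expected to come from the
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables or an IAM role.
HARDENED_CONFIG = """{
  "backend": {"s3": {"region": "eu-west-1", "bucket": "somename-vault-backend"}},
  "listener": {"tcp": {"address": "", "tls_cert_file": "/vault/config/tls/vault.crt",
                       "tls_key_file": "/vault/config/tls/vault.key"}},
  "ui": true
}"""


def _enabled(value):
    """Vault takes booleans, integers or strings for boolean settings."""
    return str(value).strip().lower() in ("1", "true")


def _stanzas(node, name):
    """A stanza may be a single object or a list of objects in JSON configs."""
    items = node if isinstance(node, list) else [node or {}]
    return [item[name] for item in items if isinstance(item, dict) and name in item]


def audit_vault_config(text):
    """Return (rule_id, detail) findings; the rule ids are this example's own."""
    cfg = json.loads(text)
    findings = []
    # Vault accepts "storage" as well as the older "backend" stanza name.
    for s3 in _stanzas(cfg.get("storage") or cfg.get("backend"), "s3"):
        for key in ("access_key", "secret_key"):
            if s3.get(key):
                findings.append(("static-aws-credential", f"s3.{key} is stored in the config file"))
    for tcp in _stanzas(cfg.get("listener"), "tcp"):
        if _enabled(tcp.get("tls_disable", False)):
            findings.append(("tls-disabled", "listener.tcp serves the API and UI without TLS"))
    return findings


if __name__ == "__main__":
    for name, text in (("tutorial", TUTORIAL_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_vault_config(text))
```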

Docker Compose

As we are using Docker to deploy our Vault server, create the docker-compose.yml:

$ cat > docker-compose.yml << EOF
version: '2'
services:
  vault:
    image: vault
    container_name: vault
    ports:
      - "8200:8200"
    restart: always
    volumes:
      - ./volumes/logs:/vault/logs
      - ./volumes/file:/vault/file
      - ./volumes/config:/vault/config
    cap_add:
      - IPC_LOCK
    entrypoint: vault server -config=/vault/config/s3vault.json
EOF

Deploy the vault server:

$ docker-compose up

Go ahead and create some secrets, then deploy the docker container on another host to test out the data persistence.

Thank You

