AppArmor
- profiles per application, based on file paths
Init vault
e.g.
vault operator init \
    -key-shares=3 \
    -key-threshold=2 \
    -pgp-keys="keybase:hashicorp,keybase:jefferai,keybase:sethvargo" \
    -root-token-pgp-key="keybase:hashicorp"
or GPG https://www.vaultproject.io/docs/concepts/pgp-gpg-keybase.html
With client connection to server
$ vault operator init -key-shares=9 -key-threshold=3
Unseal Key 1: rjV7Qdc+H9lQLdyzXXGF8hpRYFGbIBiQ/Zr6eoopNuTB
Unseal Key 2: CKVNeq8WmwOLAeu7lBmCkfCYvWqQHbyeRCsmBHL1QBAL
Unseal Key 3: SiJyjbbbyRP/JY6I6PCmBG0YdO6o1EPhyZ+fMImpaNKH
Unseal Key 4: sfu2MKkNkoeI2EA4vO7sOtUbRzYZZrGBxOrEoOHtTo+O
Unseal Key 5: 7XFvEXwZjCukP4fKINKt7HFLy0GJ4GMvoSN0AK0dEUHS
Unseal Key 6: oqheZQnzmMWLfs8gxAEY5aKbEacT+rSMmV8oegq6Kc9U
Unseal Key 7: 4QUI8Iwhu8tvi5TW5VY4PKwZFVG0eUCGanecIVVIohwV
Unseal Key 8: XkZgPVCMS7Y95LvdfbtAesZkbxvWHFc47Wj0g2mAmjjq
Unseal Key 9: UxhuvjyrDUhmgZYE5YHR5og0fHl0z3/kWKARzTV7inTg
Initial Root Token: 417c52cf-863e-0014-330e-fdc834c24d15
- vault login
- export VAULT_TOKEN=417c52cf-863e-0014-330e-fdc834c24d15
Check that the server is alive
curl -k https://127.0.0.1:8200/v1/sys/init
{"initialized":true}
Policies
...