HashiCorp Vault Systemd Startup Script

From the HashiCorp Vault project documentation:

Starting the Server


vault server -config=example.hcl

With the configuration in place, starting the server is simple, as shown below. Modify the -config flag to point to the proper path where you saved the configuration above. Vault outputs some information about its configuration, and then blocks. This process should be run using a resource manager such as systemd or upstart.

However, the documentation does not include a startup script for systemd on RHEL7/CentOS7. Here is a startup script (a systemd unit file) that can start Vault automatically.


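[Unit]
Description=Vault service
# After= only orders startup; Wants= is what pulls network-online.target in.
Wants=network-online.target
After=network-online.target

[Service]
# Private /dev and /tmp; /usr, /boot and /etc read-only; home directories read-only.
PrivateDevices=yes
PrivateTmp=yes
ProtectSystem=full
ProtectHome=read-only
# CAP_IPC_LOCK lets Vault mlock() its memory so secrets are not swapped to disk.
# Capabilities= works on the systemd shipped with RHEL7/CentOS7; systemd 230
# and later ignore it in favour of AmbientCapabilities=.
SecureBits=keep-caps
Capabilities=CAP_IPC_LOCK+ep
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
NoNewPrivileges=yes
ExecStart=/bin/vault server -config=/etc/vault.conf
KillSignal=SIGINT
TimeoutStopSec=30s
# Restart on failure, but give up after 3 starts within 60 seconds.
Restart=on-failure
StartLimitInterval=60s
StartLimitBurst=3

[Install]
WantedBy=multi-user.target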

Place the unit file at

/usr/lib/systemd/system/vault.service

then reload systemd and start the service:


systemctl daemon-reload
systemctl start vault

To add it to the system start up, use


systemctl enable vault

In addition to this, the following can be placed in

/etc/profile.d/vault.sh 

so that the vault address can be exported every time the user logs in


#!/bin/bash
export VAULT_ADDR='http://127.0.0.1:8200'
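
The following is an added example, not part of the original post or the Vault project: a shell check that compares a unit file's [Service] section with the hardening directives used in the unit above and reports any that are missing or changed. The function names and the sample unit are constructed for illustration.

```shell
#!/bin/bash
# Directive=value pairs copied from the [Service] section of the unit above.
EXPECTED='PrivateDevices=yes
PrivateTmp=yes
ProtectSystem=full
ProtectHome=read-only
NoNewPrivileges=yes'

# Print the value of directive $2 in the [Service] section of unit file $1.
# The last assignment wins, matching how systemd treats these settings.
service_value() {
    awk -v key="$2" '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && index($0, key "=") == 1 { v = substr($0, length(key) + 2) }
        END { print v }' "$1"
}

# Print one line per setting that is missing or differs in unit file $1.
audit_unit() {
    unit=$1
    echo "$EXPECTED" | while IFS='=' read -r key want; do
        got=$(service_value "$unit" "$key")
        [ "$got" = "$want" ] || echo "$key: want '$want', got '${got:-<unset>}'"
    done
    # Granting CAP_IPC_LOCK is pointless if the bounding set drops it.
    case " $(service_value "$unit" CapabilityBoundingSet) " in
        *" CAP_IPC_LOCK "*) ;;
        *) echo "CapabilityBoundingSet: CAP_IPC_LOCK missing" ;;
    esac
}

# Constructed sample: a copy of the unit with three settings weakened.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Unit]
Description=Vault service

[Service]
PrivateDevices=yes
PrivateTmp=yes
ProtectSystem=full
CapabilityBoundingSet=CAP_SYSLOG
NoNewPrivileges=no
ExecStart=/bin/vault server -config=/etc/vault.conf
EOF
audit_unit "$sample"
rm -f "$sample"
```

Run it against /usr/lib/systemd/system/vault.service before systemctl daemon-reload; no output means the file still carries every setting checked here.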
