OpenBao 2.5 on Ubuntu 24.04 LTS by cloudimg. The open-source Vault fork for secrets management - tokens, passwords, certificates and encryption keys - with the web UI behind nginx, encrypted storage on a dedicated data disk, and per-VM init, unseal keys and root token. 24/7 support.
## OpenBao on Ubuntu 24.04 LTS by cloudimg
OpenBao is the open-source, community-driven fork of HashiCorp Vault for secrets management. It securely stores and tightly controls access to tokens, passwords, certificates and encryption keys, with dynamic secrets, leasing and renewal, encryption as a service, and a complete audit trail. The cloudimg image installs OpenBao 2.5.5 from the official package and runs it as a dedicated systemd service with file storage, its listener bound to loopback behind an nginx reverse proxy on port 80. It persists the encrypted store on a dedicated Azure data disk, and initialises and unseals the vault with unique keys on the first boot of every VM. Backed by 24/7 expert support.
### Per-VM Initialisation
Every customer VM initialises a fresh vault on first boot with its own five unseal keys and root token, written to a root-only file. The vault auto-unseals on every subsequent reboot. Store the keys and token somewhere safe and remove them from the VM for production use.
### Dedicated Data Disk
The encrypted storage lives on a dedicated, independently resizable Azure data disk mounted at /var/lib/openbao, separate from the OS disk and re-provisioned with every VM. Snapshot it to back up your secrets store.
### Secure By Default
OpenBao uses token authentication. The server is bound to loopback and nginx fronts it on port 80; front the proxy with TLS for production. The API requires an X-Vault-Token header; the web UI login uses a token.
### Why Choose cloudimg?
* 24/7 Expert Support with guaranteed 24-hour response. Contact support@cloudimg.co.uk
* Production Ready from Launch: pre-configured, security patched, and validated before publication
* Azure Native Integration: built with Azure Linux Agent, cloud-init, and Gen2 Hyper-V
### What is Included
* OpenBao 2.5.5 (binary /usr/bin/bao) with file storage and the web UI enabled
* nginx reverse proxy on port 80 in front of the loopback OpenBao listener
* Per-VM initialisation with five unseal keys and a root token in a root-only file
* Auto-unseal on every boot from the stored keys
* A dedicated Azure data disk at /var/lib/openbao for the encrypted store
* openbao.service and nginx.service as systemd units, enabled and active
### Use Cases
Centralised secrets management, dynamic database and cloud credentials, PKI and certificate issuance, encryption as a service, and a self-hosted, open-source alternative to managed secrets services.
Visit www.cloudimg.co.uk/guides/openbao-on-ubuntu-24-04-azure for the full user guide.
All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.