Prerequisites
You will begin with an administration computer with the Anjuna CLI installed, and a Google Cloud Project for creating cloud resources. Then, you will create and configure various cloud resources needed to deploy a HashiCorp Vault server with the Anjuna Policy Manager (APM) plugin installed.
Administration computer
This guide requires a host computer for executing commands for deployment of the APM and client systems.
All commands are executed in a terminal window, preferably running the bash shell.
The Anjuna CLI for SEV on Google Cloud can be installed on the following operating systems:
- Red Hat Enterprise Linux 8 (RHEL 8)
- Red Hat Enterprise Linux 9 (RHEL 9)
- Ubuntu 22.04
Anjuna CLI for SEV on Google Cloud
The Anjuna CLI for SEV on Google Cloud is required. Consult the Quickstart guide for the Anjuna Confidential Container for installation instructions and prerequisites.
Many of the commands in subsequent sections assume the Anjuna executables are accessible in the PATH environment variable. This can be accomplished by running the following command (for the default install path):
$ source /opt/anjuna/gcp/env.sh
Vault
You will also require a local installation of Vault on your host. This is required for the one-time initialization of the Vault server and the Anjuna Policy Manager (APM) plugin.
Instructions for installing Vault can be found on the HashiCorp website.
Google Cloud project
A Google Cloud project is required to deploy the Vault server with the APM plugin and client systems. See Create a Google Cloud project for instructions to create a project, if you do not already have one for this purpose. The majority of Google Cloud operations in this guide are performed within the context of the chosen project.
Enable Google Cloud APIs
Several Google Cloud services are required for this deployment. The following APIs must be activated in your Google Cloud account (service name in parentheses):
- Compute Engine API (compute.googleapis.com)
- Cloud Key Management Service (KMS) API (cloudkms.googleapis.com)
- Cloud Storage (storage-component.googleapis.com)
- Secret Manager API (secretmanager.googleapis.com)
Instructions to enable Google Cloud APIs can be found in Enabling an API in your Google Cloud project.
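To confirm that the four services listed above are active before deploying, the following script compares them against what a project reports as enabled. It is an added example, not part of the Anjuna documentation; it assumes the gcloud CLI is installed and authenticated, and the function names `missing_apis` and `check_project` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: report which APIs required by this guide are not yet enabled.
# Usage (project ID is your own): ./check_apis.sh PROJECT_ID

# Service names copied from the list in this guide.
REQUIRED_APIS="compute.googleapis.com
cloudkms.googleapis.com
storage-component.googleapis.com
secretmanager.googleapis.com"

# missing_apis: reads enabled service names (one per line) on stdin and
# prints every required service that is absent. Matching is whole-line and
# literal, so "storage.googleapis.com" does not satisfy
# "storage-component.googleapis.com".
missing_apis() {
    enabled_list="$(cat)"
    for api in $REQUIRED_APIS; do
        printf '%s\n' "$enabled_list" | grep -Fxq -- "$api" || printf '%s\n' "$api"
    done
}

# check_project: queries gcloud for the enabled services of the given project.
# Returns 0 if nothing is missing, 1 if APIs are missing, 2 if the query failed.
check_project() {
    project="$1"
    enabled="$(gcloud services list --enabled --project "$project" \
        --format='value(config.name)')" || {
        echo "gcloud query failed for project $project" >&2
        return 2
    }
    missing="$(printf '%s\n' "$enabled" | missing_apis)"
    if [ -z "$missing" ]; then
        echo "All required APIs are enabled in $project"
        return 0
    fi
    echo "APIs not enabled in $project:"
    echo "$missing"
    echo "Enable them with:"
    echo "  gcloud services enable $(echo $missing) --project $project"
    return 1
}

# Run the check only when a project ID is passed on the command line.
if [ -n "${1:-}" ]; then check_project "$1"; fi
```

The script only reports and prints the enable command; it does not change the project, so it can be run with a read-only identity.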