VM Requisites

Resource	Minimun
CPU	2 vCPU
RAM	4 GB
Disk	40 GB
Operating System	Ubuntu 22.04 / 24.04

Access Port

Port	Protocol	Usage
443	HTTPS	OpenBao web UI and API

How To Access

OpenBao web UI and API

https://<IP-CON-GUIONES>.sslip.io/

‍

Example: if your VM has the IP address 200.25.101.125:

https://200-25-101-125.sslip.io/

‍

Without SSL

http://<IP_DE_LA_VM>/

‍

Authentication

OpenBao uses a Root Token for initial access. Look for it in the deployment outputs on the Cuemby portal.

# Authenticate with the bao CLI
export BAO_ADDR="https://<IP-WIRES>.sslip.io"
export BAO_TOKEN="<DEV_ROOT_TOKEN>"

bao status

‍

⚠️ The marketplace deployment runs OpenBao in dev mode. Data is stored in memory, and the server starts already initialized and unsealed. Do not use in production without configuring persistent storage and a proper unseal process.

Verify that OpenBao is active

# View the OpenBao pod
`kubectl get pods -A | grep openbao`

# View the installation log
`tail -f /var/log/cuemby/bootstrap.log`

# Check the health via API
`curl -k https://<VM_IP>/v1/sys/health`

‍

Expected output

{"initialized": true, "sealed": false, "standby": false}

‍

Expected pod output:

NAME                        READY   STATUS    RESTARTS
openbao-xxxxxxxxx-xxxxx     1/1     Running   0        ← Running ✓

Configuration Parameters

Parameter	Default	Description
OPENBAO_DEV_ROOT_TOKEN ⚠️	auto-generated	Root access token. It is recommended to set it manually to maintain it between redeployments.
OPENBAO_DATA_SIZE	10Gi	Persistent volume size for OpenBao data.
OPENBAO_SSL_ENABLED	true	Enable HTTPS with automatic certificate via sslip.io.
OPENBAO_HOSTNAME	auto (sslip.io)	Custom hostname. If left blank, the URL generated by Cuemby will be used.

‍

💡 Set OPENBAO_DEV_ROOT_TOKEN before deploying. If you leave it on auto-generated and need to redeploy, the token will change and you'll have to update all applications that use it.

First Steps (quick start)

Install the Bao CLI

# Linux
curl -Lo bao.zip https://github.com/openbao/openbao/releases/latest/download/bao_linux_amd64.zip
unzip bao.zip && sudo mv bao /usr/local/bin/

‍

Basic secret operations

export BAO_ADDR="https://<IP-CON-HYIONES>.sslip.io"
export BAO_TOKEN="<DEV_ROOT_TOKEN>"

# Write a secret
bao kv put secret/mi-app db_password="supersecret" api_key="abc123"

# Read a secret
bao kv get secret/mi-app

# Read a specific field
bao kv get -field=db_password secret/mi-app

# List secrets
bao kv list secret/

‍

Access via REST API

# Read a secret via API
curl -k -H "X-Vault-Token: <DEV_ROOT_TOKEN>" \

https://<IP-CON-HYUONES>.sslip.io/v1/secret/data/mi-app

‍

💡 Tip: OpenBao is compatible with the HashiCorp Vault API. Any SDK or tool that supports Vault (vault-sdk, hvac for Python, node-vault for Node.js) will work by directly pointing to your OpenBao instance's URL.

Quick Troubleshooting

Problem	Probable cause	Solution
permission denied	Incorrect token	Verify the token in the deployment outputs.
sealed in /v1/sys/health	OpenBao sealed (does not occur in dev mode)	Execute bao operator unseal with the unseal keys.
UI not loading	Pod still starting	Wait ~2–3 min and check tail -f /var/log/cuemby/bootstrap.log.
Invalid token after redeployment	Self-generated token changed	Set OPENBAO_DEV_ROOT_TOKEN before the next deployment.
Pod in CrashLoopBackOff	Insufficient resources	Check with kubectl describe pod -n .

Cuemby Cloud

IaaS

About Cuemby Cloud

Cuemby Cloud is enterprise-grade cloud infrastructure managed from a single console, built for stronger security, predictable operations, and easy scaling across regions.

Datacenters regions available in Colombia, Ecuador, and Chile

Backed by Tier III / Tier IV data center locations

Zero Network Ingress and Egress Fees

24/7 local expert support

Get Started for Free

Discover Cuemby Cloud

OpenBao