Vault docker container on Alpine
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
scripts
src/bin
tests
.gitignore
.travis.yml
Dockerfile
README.md
docker-compose.yml

README.md

wdijkerman/vault

Docker Stars Docker Pulls Build Status

Introduction

This is an Docker container for Vault running on Alpine.

The versions in this Docker container:

  • alpine: 3.8
  • vault: 0.11.0
  • python: 2.7.13

Volumes

The following volumes are available:

  • /vault/ssl
  • /vault/config
  • /vault/audit

User

Vault is running as user vault. With the following capabilities (which are configured in this container)it should be no problem running Vault as non-root user:

  • cap_ipc_lock (Should not swap. Also --cap-add IPC_LOCK should be added to the command line when to start the Vault container.)

The UID used in this container is 1051. So make sure the id is already available on the host running the container when host mounts are used.

Versions

Python?

Python is also installed in the container. Python is used for testing the container, which is done with the tool testinfra. You can see in the tests directory a file named test_vault.py which will be executed. (Still WiP)

Install the container

Just run the following command to download the container:

docker pull wdijkerman/vault

Configuration

Suggested to use a secure Vault running is to make sure it can not use the swap. When configuring the container, please make sure it ran with --cap-add IPC_LOCK.

There are 2 ways to configure Vault:

  • Place your own hcl configuration files;
  • Set some environment variables and basic configuration file is created;

Configuration file

Make sure that before you start the Vault container a file is present in the container on location /vault/config/config.hcl. Please take a look at https://www.vaultproject.io/docs/configuration/index.html for correctly configuring the Vault instance.

Environment variables

There are several arguments that can be used for configuring this container.

Environment Description
CONSUL_HOST The fqdn or ip of the Consul agent. Default: consul
CONSUL_PORT The port on which Consul is available. Default: 8500
CONSUL_SCHEME If consul is on http or https. Default: http
CONSUL_TLS_SKIP_VERIFY If the ssl certificate should be verified or not. Default: 1
CONSUL_TOKEN If an Consul ACL token needs to be used for Vault.
TLS_CRT_FILE The location to the SSL CRT file.
TLS_KEY_FILE The location to the SSL KEY file.
VAULT_LISTEN_ADDR The IP/fqdn on which this Vault instance is listening on.
VAULT_TCP_CLUSTER_ADDR The IP/fqdn on which the Vault Cluster is listening on.

Tests

Testinfra

how to's

Setting up a secure Consul cluster Configuring Access Control Lists Setting up a secure Vault with a Consul backend

License

The MIT License (MIT)

See file: License

Issues

Please report issues at https://github.com/dj-wasabi/vault/issues

Pull Requests are welcome!