This is a Docker container for Vault running on Alpine.
The versions in this Docker container:
- alpine: 3.12
- vault: 1.7.0
- python: 3.8.5
The following volumes are available:
Vault runs as the user vault. With the following capabilities (which are configured in this container), running Vault as a non-root user should be no problem:
- cap_ipc_lock (Vault should not swap. Also, --cap-add IPC_LOCK should be added to the command line when starting the Vault container.)
The UID used in this container is 1051. So make sure the id is already available on the host running the container when host mounts are used.
Python is also installed in the container. Python is used for testing the container, which is done with the tool
You can see in the tests directory a file named test_vault.py which will be executed. (Still WiP)
Install the container
Just run the following command to download the container:
docker pull wdijkerman/vault
To run Vault securely, make sure it cannot use swap. When configuring the container, please make sure it is run with
There are 2 ways to configure Vault:
- Place your own hcl configuration files;
- Set some environment variables and a basic configuration file is created.
Make sure that before you start the Vault container a file is present in the container on location
Please take a look at https://www.vaultproject.io/docs/configuration/index.html for correctly configuring the Vault instance.
There are several environment variables that can be used for configuring this container.

| Variable | Description |
|---|---|
| CONSUL_HOST | The FQDN or IP of the Consul agent. Default: |
| CONSUL_PORT | The port on which Consul is available. Default: |
| CONSUL_SCHEME | Whether Consul is on http or https. Default: |
| CONSUL_TLS_SKIP_VERIFY | Whether the SSL certificate should be verified or not. Default: |
| CONSUL_TOKEN | The Consul ACL token, if one needs to be used for Vault. |
| TLS_CRT_FILE | The location of the SSL CRT file. |
| TLS_KEY_FILE | The location of the SSL KEY file. |
| VAULT_LISTEN_ADDR | The IP/FQDN on which this Vault instance is listening. |
| VAULT_TCP_CLUSTER_ADDR | The IP/FQDN on which the Vault Cluster is listening. |
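
A pre-flight check for the points above, as an added example that is not part of this project: it verifies that a host-mounted directory and TLS key are owned by UID 1051, that the key is not accessible to group or others, and prints a docker run line that includes --cap-add IPC_LOCK. The function names, host paths, the Consul host and port, and the https value are constructed for illustration; GNU stat is assumed.

```shell
#!/usr/bin/env bash
# Added example, not the project's own code. Paths and values are constructed.
VAULT_UID=1051             # UID this README states the container uses
IMAGE="wdijkerman/vault"   # image name from this README

# 0 if path $1 is owned by UID $2 (default 1051), so the non-root vault
# user can use it when it is host-mounted. Uses GNU stat.
owned_by_uid() {
  [ "$(stat -c '%u' "$1" 2>/dev/null)" = "${2:-$VAULT_UID}" ]
}

# 0 if file $1 grants nothing to group or others (for example 600 or 400).
key_is_private() {
  local mode
  mode="$(stat -c '%a' "$1" 2>/dev/null)" || return 1
  case "$mode" in
    *00|0) return 0 ;;
    *)     return 1 ;;
  esac
}

# Run all checks, report each failure on stderr, return non-zero on any.
# $1 = host data dir, $2 = host TLS key file, $3 = expected UID (optional)
preflight() {
  local uid="${3:-$VAULT_UID}" rc=0
  owned_by_uid "$1" "$uid"  || { echo "FAIL: $1 not owned by UID $uid" >&2; rc=1; }
  owned_by_uid "$2" "$uid"  || { echo "FAIL: $2 not owned by UID $uid" >&2; rc=1; }
  key_is_private "$2"       || { echo "FAIL: $2 accessible to group/others" >&2; rc=1; }
  return "$rc"
}

# Print the docker run command line; nothing is executed here.
# $1 = Consul host, $2 = Consul port (constructed sample values)
build_run_cmd() {
  printf 'docker run -d --cap-add IPC_LOCK'
  printf ' -e CONSUL_HOST=%s -e CONSUL_PORT=%s -e CONSUL_SCHEME=https' "$1" "$2"
  printf ' %s\n' "$IMAGE"
}

# Usage (hypothetical host paths):
#   preflight /srv/vault/data /srv/vault/tls/vault.key \
#     && build_run_cmd consul.example.internal 8501
```

Volume mounts and the TLS_* variables are left out of the printed command because the container-side paths depend on your own configuration.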
The MIT License (MIT)
See file: License
Please report issues at https://github.com/dj-wasabi/vault/issues
Pull Requests are welcome!