An nginx container that can configure itself securely at runtime.
config
.gitignore
Dockerfile
README.md
entrypoint.sh


Dockerized Nginx Container with Vault Integration

This container is designed to work with existing HashiCorp Vault infrastructure.
Specifically, it dynamically configures itself at run time with content stored in Vault.
A set of environment variables tells the container which Vault instance to use and which path to fetch secrets from.

If no secrets can be fetched, the default hardcoded values are used.

Preparation

Seed your Vault instance with the appropriate configuration files.
For example:

    $ vault write secret/nginx-instance-1/default.conf value=@myfile.txt
    $ vault write secret/nginx-instance-1/cert value=@mycert.crt
    $ vault write secret/nginx-instance-1/key value=@mykey.key

Start the Container, using the correct environment variables

You'll need to generate a Vault token for your application instance, and tell the nginx container where Vault is and how to authenticate:


    $ docker run -it \
        -e TOKEN="c44a455e-9ecf-40f0-8d16-3368e5cca33c" \
        -e URL=https://vaultinstance.com:8200 \
        -e INDEX=nginx-instance-1 \
        niall-byrne/nginx-vault-integration
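
An added example, not part of this repository: one way to generate the token mentioned above so that it can read only this instance's three secrets, and to start the container without typing the token on the command line. It assumes the KV v1 paths from the Preparation step and that the container reads its secrets once at start; the policy name `nginx-<INDEX>`, the one-hour TTL and the function names are choices made for this example.

```shell
#!/bin/sh
# Added example (not the repository's code): least-privilege token for one instance.
# Assumes the KV v1 layout from the README: secret/<INDEX>/{default.conf,cert,key}.

# Reject INDEX values that would widen the policy path (slashes, globs, dots).
valid_index() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print a read-only policy covering only this instance's three secrets.
nginx_policy() {
    valid_index "$1" || { echo "invalid INDEX: $1" >&2; return 1; }
    for name in default.conf cert key; do
        printf 'path "secret/%s/%s" {\n  capabilities = ["read"]\n}\n' "$1" "$name"
    done
}

# Write the policy, mint a short-lived token bound to it, and start the container.
# The policy name and the TTL are choices made for this example.
run_instance() {
    index=$1
    url=$2
    nginx_policy "$index" | vault policy write "nginx-$index" - || return 1
    TOKEN=$(vault token create -policy="nginx-$index" -ttl=1h -field=token) || return 1
    export TOKEN
    # "-e TOKEN" with no value copies it from this shell's environment, so the
    # token does not appear in the docker command line or in shell history.
    docker run -d -e TOKEN -e URL="$url" -e INDEX="$index" \
        niall-byrne/nginx-vault-integration
}

# Usage: run_instance nginx-instance-1 https://vaultinstance.com:8200
```

A container restarted after the TTL has passed needs a fresh token; with an expired one the fetch fails and, as stated above, the default hardcoded values are used.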