├── .dockerignore ├── .gitignore ├── Dockerfile ├── README.md ├── build └── config.hcl-example /.dockerignore: -------------------------------------------------------------------------------- 1 | Dockerfile 2 | README* 3 | README 4 | build 5 | *.hcl 6 | *.zip 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | vault 2 | *.zip 3 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM gliderlabs/alpine 2 | MAINTAINER Patrick O'Connor 3 | ADD vault /usr/local/bin/vault 4 | EXPOSE 8200 5 | ENTRYPOINT ["/usr/local/bin/vault"] 6 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # docker-vault 2 | 3 | ## Testing out the image/version 4 | 5 | ``` 6 | ➜ docker run -it --rm dontrebootme/vault:0.1.0 version 7 | Vault v0.1.0-dev (e9b3ad035308f73889dca383c8c423bb5939c4fc+CHANGES) 8 | ``` 9 | 10 | ## Running in server dev mode 11 | 12 | ``` 13 | ➜ docker run -it --rm --cap-add IPC_LOCK dontrebootme/vault:0.1.0 server -dev 14 | WARNING: Dev mode is enabled! 15 | 16 | In this mode, Vault is completely in-memory and unsealed. 17 | Vault is configured to only have a single unseal key. The root 18 | token has already been authenticated with the CLI, so you can 19 | immediately begin using the Vault CLI. 20 | 21 | The only step you need to take is to set the following 22 | environment variable since Vault will be taking without TLS: 23 | 24 | export VAULT_ADDR='http://127.0.0.1:8200' 25 | 26 | The unseal key and root token are reproduced below in case you 27 | want to seal/unseal the Vault or play with authentication. 28 | 29 | Unseal Key: f113447ab21b461f8a7ebcfa25dadcbe49f69f462853ebbf0091522da00a7a0d 30 | Root Token: 05602923-5020-1a84-af4b-bff0e9a838cd 31 | 32 | ==> Vault server configuration: 33 | 34 | Log Level: info 35 | Backend: inmem 36 | Listener 1: tcp (addr: "127.0.0.1:8200", tls: "disabled") 37 | 38 | ==> Vault server started! Log data will stream in below: 39 | 40 | 2015/04/28 23:52:40 [INFO] core: security barrier initialized 41 | 2015/04/28 23:52:40 [INFO] core: post-unseal setup starting 42 | 2015/04/28 23:52:40 [INFO] core: post-unseal setup complete 43 | 2015/04/28 23:52:40 [INFO] core: root token generated 44 | 2015/04/28 23:52:40 [INFO] core: pre-seal teardown starting 45 | 2015/04/28 23:52:40 [INFO] rollback: starting rollback manager 46 | 2015/04/28 23:52:40 [INFO] rollback: stopping rollback manager 47 | 2015/04/28 23:52:40 [INFO] core: pre-seal teardown complete 48 | 2015/04/28 23:52:40 [INFO] core: vault is unsealed 49 | 2015/04/28 23:52:40 [INFO] core: post-unseal setup starting 50 | 2015/04/28 23:52:40 [INFO] core: post-unseal setup complete 51 | 2015/04/28 23:52:40 [INFO] rollback: starting rollback manager 52 | ``` 53 | 54 | ## Running with a configuration file 55 | 56 | ``` 57 | ➜ docker run -it --rm -v /Users/dontrebootme/git/github/docker-vault/myconfig.hcl:/config.hcl --cap-add IPC_LOCK -p 8200:8200 dontrebootme/vault:0.1.0 server -config=/config.hcl -log-level=info 58 | ==> Vault server configuration: 59 | 60 | Log Level: info 61 | Backend: inmem 62 | Listener 1: tcp (addr: "127.0.0.1:8200", tls: "disabled") 63 | 64 | ==> Vault server started! Log data will stream in below: 65 | ``` 66 | -------------------------------------------------------------------------------- /build: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | VAULT_VERSION=0.1.0 3 | VAULT_FILE=vault_${VAULT_VERSION}_linux_amd64.zip 4 | VAULT_URL=https://dl.bintray.com/mitchellh/vault/${VAULT_FILE} 5 | DOCKER_VAULT_IMAGE=dontrebootme/vault:${VAULT_VERSION} 6 | 7 | curl -sLOk ${VAULT_URL} \ 8 | && unzip -o ${VAULT_FILE} \ 9 | && docker build --rm=true --no-cache=true --pull=true -t ${DOCKER_VAULT_IMAGE} . \ 10 | && echo "Now pushing ${DOCKER_VAULT_IMAGE}" \ 11 | && docker push ${DOCKER_VAULT_IMAGE} \ 12 | && echo "Done. You may now start up the container." 13 | -------------------------------------------------------------------------------- /config.hcl-example: -------------------------------------------------------------------------------- 1 | backend "inmem" { 2 | advertise_addr = "192.168.59.103" 3 | } 4 | listener "tcp" { 5 | address = "127.0.0.1:8200" 6 | tls_disable = 1 7 | } 8 | --------------------------------------------------------------------------------