├── .gitmodules
├── Dockerfile
├── README.md
├── docker-compose
    ├── config
    │   └── uaa.yml
    └── docker-compose.yml
└── entrypoint.sh


/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "credhub"]
2 | 	path = credhub
3 | 	url = https://github.com/cloudfoundry-incubator/credhub.git
4 | [submodule "credhub-acceptance-tests"]
5 | 	path = credhub-acceptance-tests
6 | 	url = https://github.com/cloudfoundry-incubator/credhub-acceptance-tests.git
7 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM openjdk:8
 2 | COPY ./credhub /usr/src/credhub
 3 | COPY ./credhub-acceptance-tests /usr/src/acceptance/src/github.com/cloudfoundry-incubator/credhub-acceptance-tests
 4 | ENV GOPATH /usr/src/acceptance
 5 | WORKDIR /usr/src/credhub
 6 | 
 7 | RUN "./setup_dev_mtls.sh"
 8 | RUN ["./gradlew", "--no-daemon", "assemble"]
 9 | 
10 | COPY ./entrypoint.sh /usr/src/credhub/entrypoint.sh
11 | ENTRYPOINT ["./entrypoint.sh"]


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Credhub-docker
 2 | 
 3 | Docker image for credhub (include a docker-compose file to run with uaa).
 4 | 
 5 | ## Run without UAA
 6 | 
 7 | ```bash
 8 | docker run -d -p 127.0.0.1:9000:9000 orangeopensource/credhub:latest
 9 | ```
10 | 
11 | ## Run with UAA
12 | 
13 | You will need a config file for UAA which can be found [here](/docker-compose/config/uaa.yml).
14 | 
15 | 1. Start a UAA with Docker: `docker run -d --name uaa --mount type=bind,source=$PWD/docker-compose/config/uaa.yml,target=/uaa/uaa.yml -p 127.0.0.1:8080:8080 pcfseceng/uaa:latest`
16 | 2. Start credhub with docker with binding uaa: `docker run -d --link uaa -e UAA_URL=http://localhost:8080/uaa -e UAA_INTERNAL_URL=http://uaa:8080/uaa -p 127.0.0.1:9000:9000 pcfseceng/uaa:latest`
17 | 
18 | ## Run docker-compose
19 | 
20 | Clone this repo and run `docker-compose up -d` inside folder [/docker-compose](/docker-compose).
21 | 
22 | ## Use with credhub-cli
23 | 
24 | You can now connect to credhub with this command:
25 | 
26 | ```bash
27 | credhub-cli login -s https://localhost:9000 -u credhub -p password --skip-tls-validation
28 | ```
29 | 


--------------------------------------------------------------------------------
/docker-compose/config/uaa.yml:
--------------------------------------------------------------------------------
 1 | scim:
 2 |   users:
 3 |     - credhub|password|credhub|Credhub|User|credhub.read,credhub.write
 4 | oauth:
 5 |   clients:
 6 |     credhub_cli:
 7 |       override: true
 8 |       authorized-grant-types: password,refresh_token
 9 |       # scopes the client may receive
10 |       scope: credhub.read,credhub.write
11 |       authorities: uaa.resource
12 |       access-token-validity: 86400 # 1 day
13 |       refresh-token-validity: 172800 # re-login required every other day
14 |       secret: "" # CLI expects this secret to be empty
15 |     credhub_client:
16 |       override: true
17 |       authorized-grant-types: client_credentials
18 |       secret: secret
19 |       scope: uaa.none
20 |       authorities: credhub.read,credhub.write
21 |       access-token-validity: 86400 # 1 day
22 | jwt:
23 |   token:
24 |     verification-key: |
25 |       -----BEGIN PUBLIC KEY-----
26 |       MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEsIhHyxd2xwI1AqZkma
27 |       OzqvyrLVJiYXhNc555MWCa+cOP/YcGY8htZS1Z0r3t9o9pHcFmUe5BTgrlMRnvQC
28 |       04SFV1hS+hs1Pct9E//Fcf/Db2AmbWhAZjki9McE+40DeXz5sjRMKxzVXnNDEJVm
29 |       Ucr6T65PRdIzKud00JBvkhD2ZIodVh6TUjP8fJIB8BJVZagUQwhBpIOODwgc165g
30 |       SAn0TwAtrj9SFDy64i74kOPlF8wZ26JIPebisIMDBQmzzp9zoPZ9sSD3yo7bGdXp
31 |       UPu94Z3/oU7e3YnA3BFpryjuFogpq8/9MPb2cKhENywTr0ljF0zHaazKViPiTwfu
32 |       cwIDAQAB
33 |       -----END PUBLIC KEY-----
34 |     signing-key: |
35 |       -----BEGIN RSA PRIVATE KEY-----
36 |       MIIEowIBAAKCAQEAyEsIhHyxd2xwI1AqZkmaOzqvyrLVJiYXhNc555MWCa+cOP/Y
37 |       cGY8htZS1Z0r3t9o9pHcFmUe5BTgrlMRnvQC04SFV1hS+hs1Pct9E//Fcf/Db2Am
38 |       bWhAZjki9McE+40DeXz5sjRMKxzVXnNDEJVmUcr6T65PRdIzKud00JBvkhD2ZIod
39 |       Vh6TUjP8fJIB8BJVZagUQwhBpIOODwgc165gSAn0TwAtrj9SFDy64i74kOPlF8wZ
40 |       26JIPebisIMDBQmzzp9zoPZ9sSD3yo7bGdXpUPu94Z3/oU7e3YnA3BFpryjuFogp
41 |       q8/9MPb2cKhENywTr0ljF0zHaazKViPiTwfucwIDAQABAoIBAQC2xNlp5Esg2d/e
42 |       KXn3SvSlVaEyS0v7esj9XFSnf22duxTIYpaDwpc6x3phGQH+Z0llrqXx/aZZpL99
43 |       86lhrfKiRwxSLvPQ7GECGZzyUfQ/WY9iI5ANSBNz9HF0geOHFB92jddgiR50PORr
44 |       QqyRBnOO8bTGXx5RbUVpwjmzVAmrc5cn0I2PyADDxRKfAPdIzbT4ukk4y08DSf2d
45 |       3oHf4E0t8F7uxaNN1L3iRuo75JbGApHlvuN2nmO7smMgFaHvVXcAql4O5qgb1s08
46 |       vxk7Hmmyy4JDLw8GQWWSjzMS7laL2P4gRRD4Rv5GV9AA7BkP4TXsEazSv0y2ygVJ
47 |       P2o6G2XZAoGBAO+RqHoIGv2m25BupSPJMO5DnQDaSURqXnvznejAYriQwxlIgIQb
48 |       QM69qkLcA9PxMGqvGMwUS4aF8/Jrg3pFQrqqK9JZUqRqIMIRP3BIbk9l5cILDwoR
49 |       UNlE+0v5fPCa7RP9MVM7DbqcOhoYPQ+WYNcd+tB1Hwd+HRZL7TVmI6ldAoGBANYH
50 |       xV3NMAMNIXBWzVJooMyWqFdYCCbc92DzNJwlJ99SS+YYP5aWUfMmif2m5KzdIdti
51 |       EyPFD+r2gt65oKKAiVM5r88/1mZVZJr00KpJjaCva5f5d2JoM39TtenfUyoLFE1u
52 |       74ndjbQLXEX4E4/pCdjnE8Kqag8NnrGtAIxGiuoPAoGAG1E/pdKgyUWqibikKgV6
53 |       B+E72OoLKrr6VSX9Xpn5Z9RR+uMSjH3TEP/9lywhX5yECdY3fKXfytIhdAYgcuPM
54 |       7R4UayL2UnsrixWOZ05LDdCvt0WtjFdXIb9E7G/heEoiOIJJipUURrAjy+/xnoJm
55 |       PoFTpUuFo0QVKwKzZMBl1p0CgYB3zj/Hgw0GGDqIlL44DAM+onK2+bsObhA3f8wK
56 |       P64zDvEXaqlllN1om0EQ8HP+44WJNTv7gNqpLrYREJ1/eS3lnVvxSg2smM5JAxMu
57 |       zx9tO+ShXG5ccnGpK2Wf9XerCCqkMZ36cT9Z8iYDsJraqprthGQGSrg1lu0nDe1J
58 |       mE84NwKBgFkOV3DcMOgUfPDA/goiBkiZnv8nFAebgYsSHrePjL3DOKV2agCuXDjO
59 |       LqSIlJ1UdBuWc6JWyQHn9x7t72acsRrtpRP4y4CQU5281/QcGqxCEcAGeTw1W9ni
60 |       HsxZCNa+Lefc/Qe9qao7x636FtQtMfkb76EMxduFawhgHuDQ53/j
61 |       -----END RSA PRIVATE KEY-----
62 | 


--------------------------------------------------------------------------------
/docker-compose/docker-compose.yml:
--------------------------------------------------------------------------------
 1 | version: '2'
 2 | 
 3 | services:
 4 |   uaa:
 5 |     image: pcfseceng/uaa
 6 |     volumes:
 7 |       - ./config/uaa.yml:/uaa/uaa.yml
 8 |     ports:
 9 |     - 8080:8080
10 |     restart: always
11 | 
12 |   credhub:
13 |     image: orangeopensource/credhub
14 |     ports:
15 |       - "9000:9000"
16 |     links:
17 |       - uaa:uaa
18 |     depends_on:
19 |       - uaa
20 |     environment:
21 |       UAA_URL: http://localhost:8080/uaa
22 |       UAA_INTERNAL_URL: http://uaa:8080/uaa
23 | 


--------------------------------------------------------------------------------
/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | set -e
 3 | 
 4 | profile_uaa=""
 5 | 
 6 | if [ "x$UAA_URL" != "x" ]; then
 7 | 	profile_uaa=",dev-uaa"
 8 | 	cat <<EOF > src/main/resources/application-dev-uaa.yml
 9 | auth_server:
10 |   url: ${UAA_URL}
11 |   internal_url: ${UAA_INTERNAL_URL:-"~"}
12 | security:
13 |   oauth2:
14 |     enabled: true
15 | EOF
16 | 
17 | fi
18 | 
19 | exec ./gradlew --no-daemon bootRun \
20 |  -Djava.security.egd=file:/dev/urandom \
21 |  -Djdk.tls.ephemeralDHKeySize=3072 \
22 |  -Djdk.tls.namedGroups='secp384r1' \
23 |  -Djavax.net.ssl.trustStore=src/test/resources/auth_server_trust_store.jks \
24 |  -Djavax.net.ssl.trustStorePassword=changeit \
25 |  -Dspring.profiles.active=dev,dev-h2${profile_uaa} "$@"


--------------------------------------------------------------------------------