Vault docker container on Alpine
This is a Docker container for Vault running on Alpine.
The versions in this Docker container:
The following volumes are available:
Vault is running as user vault. With the following capabilities (which are configured in this container) it should be no problem running Vault as a non-root user:
(--cap-add IPC_LOCK should be added to the command line when starting the Vault container.)
The UID used in this container is 1051, so make sure this ID is already available on the host running the container when host mounts are used.
Python is also installed in the container. Python is used for testing the container, which is done with the tool testinfra.
You can see in the tests directory a file named test_vault.py which will be executed. (Still WiP)
Just run the following command to download the container:
docker pull wdijkerman/vault
To run Vault securely, make sure it cannot use swap. When starting the container, please make sure it is run with --cap-add IPC_LOCK.
There are 2 ways to configure Vault:
Make sure that, before you start the Vault container, a file is present in the container at location /vault/config/config.hcl.
Please take a look at https://www.vaultproject.io/docs/configuration/index.html for correctly configuring the Vault instance.
There are several arguments that can be used for configuring this container.
Environment | Description |
---|---|
CONSUL_HOST | The FQDN or IP of the Consul agent. Default: consul |
CONSUL_PORT | The port on which Consul is available. Default: 8500 |
CONSUL_SCHEME | Whether Consul is reached over http or https. Default: http |
CONSUL_TLS_SKIP_VERIFY | Whether the SSL certificate should be verified or not. Default: 1 |
CONSUL_TOKEN | The Consul ACL token, if one needs to be used for Vault. |
TLS_CRT_FILE | The location of the SSL CRT file. |
TLS_KEY_FILE | The location of the SSL KEY file. |
VAULT_LISTEN_ADDR | The IP/FQDN on which this Vault instance is listening. |
VAULT_TCP_CLUSTER_ADDR | The IP/FQDN on which the Vault Cluster is listening. |
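As an added example (not part of this project's code), the following preflight script checks the points made above before the container is started: config.hcl is present, the host directory is owned by UID 1051, and the Consul settings are not left at their weak defaults. It assumes a host directory is mounted on /vault/config and that any CONSUL_TLS_SKIP_VERIFY value other than 0 disables certificate verification; the function names and the example path are hypothetical.

```shell
#!/bin/sh
# Added example: preflight checks for the wdijkerman/vault container (dry run).
VAULT_UID="${VAULT_UID:-1051}"   # UID of the vault user in the container

# Return 0 when the host directory can be mounted on /vault/config.
check_config_dir() {
    dir="$1"
    [ -f "$dir/config.hcl" ] || { echo "missing $dir/config.hcl" >&2; return 1; }
    owner=$(ls -ldn "$dir" | awk '{print $3}')   # numeric owner UID
    [ "$owner" = "$VAULT_UID" ] || {
        echo "$dir is owned by UID $owner, expected $VAULT_UID" >&2; return 2; }
}

# Print one warning per weak Consul setting (defaults from the table apply).
consul_warnings() {
    if [ "${CONSUL_SCHEME:-http}" != "https" ]; then
        echo "CONSUL_SCHEME is not https: traffic to Consul is not encrypted"
    elif [ "${CONSUL_TLS_SKIP_VERIFY:-1}" != "0" ]; then
        # Assumption: any value other than 0 skips certificate verification.
        echo "CONSUL_TLS_SKIP_VERIFY is on: Consul certificate is not verified"
    fi
    if [ -z "${CONSUL_TOKEN:-}" ]; then
        echo "CONSUL_TOKEN is unset: no Consul ACL token is used"
    fi
}

# Print the docker run command for review; nothing is started here.
vault_run_cmd() {
    printf 'docker run -d --cap-add IPC_LOCK -v %s:/vault/config' "$1"
    for var in CONSUL_HOST CONSUL_PORT CONSUL_SCHEME CONSUL_TLS_SKIP_VERIFY \
               TLS_CRT_FILE TLS_KEY_FILE VAULT_LISTEN_ADDR VAULT_TCP_CLUSTER_ADDR; do
        eval "val=\${$var:-}"
        if [ -n "$val" ]; then printf ' -e %s=%s' "$var" "$val"; fi
    done
    # Pass the token by name (it must be exported) so its value is not printed.
    if [ -n "${CONSUL_TOKEN:-}" ]; then printf ' -e CONSUL_TOKEN'; fi
    printf ' wdijkerman/vault\n'
}

# Usage: sh preflight.sh /srv/vault/config   (constructed example path)
if [ -n "${1:-}" ]; then
    consul_warnings >&2
    check_config_dir "$1" && vault_run_cmd "$1"
fi
```

The script only prints the command; review the warnings on stderr before running it.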
Testinfra
Setting up a secure Consul cluster
Configuring Access Control Lists
Setting up a secure Vault with a Consul backend
The MIT License (MIT)
See file: License
Please report issues at https://github.com/dj-wasabi/vault/issues
Pull Requests are welcome!