https://hub.docker.com/_/vault
|
|
https://github.com/hashicorp/docker-vault
|
|
|
|
https://stackoverflow.com/questions/72944271/hashicorp-vault-container-dont-save-my-secrets-on-local-volume-when-i-restart-d
|
|
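entrypoint: vault server -dev -dev-listen-address="0.0.0.0:8200" -dev-root-token-id="root"
! -dev: in-memory storage, so secrets are gone after a container restart; root token is the fixed string "root", listener is on all interfaces without TLS - local testing only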
|
|
...
|
|
vault-init:
|
|
container_name: vault-init
|
|
image: vault:1.12.0
|
|
volumes:
|
|
- ./vault-init.sh:/vault-init.sh
|
|
depends_on:
|
|
- vault
|
|
restart: "no"
|
|
entrypoint: sh -c "/vault-init.sh"
|
|
https://github.com/philips-labs/vault-ca/tree/master
|
|
https://github.com/philips-labs/vault-ca/blob/master/docker-compose.yml
|
|
https://github.com/philips-labs/vault-ca/blob/master/volumes/config/config.hcl
|
|
! really simple one !
|
|
https://stackoverflow.com/questions/64802234/hashicorp-vault-error-initializing-listener-of-type-tcp-error-loading-tls-c
|
|
!
|
|
https://open-amt-cloud-toolkit.github.io/docs/1.5/Docker/dockerLocal_prodVault/
|
|
! prod-mode
|
|
https://cosced.ru/virtualization/container/docker/running-vault-in-docker-compose/
|
|
https://stackoverflow.com/questions/45171564/using-vault-with-docker-compose-file
|
|
!!!
|
|
https://github.com/algolia/sup3rS3cretMes5age
|
|
! from Misha
|
|
|
|
|
|
docker run --cap-add=IPC_LOCK -d --name=devvault vault:latest
|
|
docker run --rm -it --cap-add=IPC_LOCK -p 8200:8200 -e 'VAULT_DEV_ROOT_TOKEN_ID=myroot' --name=devvault vault:latest
|
|
-e 'VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:1234'
|
|
|
|
docker exec -it -e 'VAULT_ADDR=http://0.0.0.0:8200' devvault vault status
|
|
|
|
export VAULT_ADDR='http://0.0.0.0:8200'
|
|
curl "http://0.0.0.0:8200/v1/sys/seal-status"
|
|
curl "http://127.0.0.1:8200/v1/sys/seal-status"
|
|
|
|
docker run --volume config/:/vault/config.d ...
|
|
|
|
==> Vault server configuration:
|
|
|
|
Api Address: http://0.0.0.0:8200
|
|
Cgo: disabled
|
|
Cluster Address: https://0.0.0.0:8201
|
|
Go Version: go1.19.3
|
|
Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
|
|
Log Level: info
|
|
Mlock: supported: true, enabled: false
|
|
Recovery Mode: false
|
|
Storage: inmem
|
|
Version: Vault v1.12.2, built 2022-11-23T12:53:46Z
|
|
Version Sha: 415e1fe3118eebd5df6cb60d13defdc01aa17b03
|
|
...
|
|
You may need to set the following environment variables:
|
|
$ export VAULT_ADDR='http://0.0.0.0:8200'
|
|
|
|
Unseal Key: XALFgHs7uEmsMgge1d4JuiWseMXV+roOh16m3rvSAiE=
|
|
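Root Token: hvs.8SYT7DPKv3VHy7GkvtmQLV0V
! dev-mode output: with "Storage: inmem" both values are regenerated on every start; the root token stays fixed only when -dev-root-token-id / VAULT_DEV_ROOT_TOKEN_ID is set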
|
|
|
|
The container exposes two optional VOLUMEs:
|
|
|
|
/vault/logs, to use for writing persistent audit logs.
|
|
By default nothing is written here; the file audit backend must be enabled with a path under this directory.
|
|
/vault/file, to use for writing persistent storage data when using the file data storage plugin.
|
|
By default nothing is written here (a dev server uses an in-memory data store);
|
|
the file data storage backend must be enabled in Vault's configuration before the container is started.
|
|
|
|
The container has a Vault configuration directory set up at /vault/config and the server will load any HCL or JSON configuration files placed here by binding a volume or by composing a new image and adding files.
|
|
Alternatively, configuration can be added by passing the configuration JSON via environment variable VAULT_LOCAL_CONFIG.
|
|
|
|
|
|
compose:
|
|
https://mylinuxblog.ru/ustnovka-i-nastroyka-vault-v-docker/
|
|
cap_add:
|
|
- IPC_LOCK
|