mirrors/dockerfiles_vimagick
2
0
Fork 0
mirror of https://github.com/vimagick/dockerfiles.git synced 2026-01-04 03:54:55 +01:00
Code Issues Projects Releases Wiki Activity
Files
c6d785bbfcac0e79d4a1b3aace819337fdba886c
dockerfiles_vimagick/vault/README.md
kev c6d785bbfc update
2015-07-18 16:24:47 +08:00

62 lines
1.3 KiB
Markdown
Raw Blame History

vault
=====
![](https://badge.imagelayers.io/vimagick/vault:latest.svg)
[`Vault`][1] is a tool for securely accessing secrets. A secret is anything
that you want to tightly control access to, such as API keys, passwords,
certificates, and more. Vault provides a unified interface to any secret, while
providing tight access control and recording a detailed audit log.
## docker-compose.yml
```
data:
image: busybox
volumes:
- /var/lib/vault
vault:
image: vimagick/vault
ports:
- "8200:8200"
volumes:
- vault/vault.crt:/etc/vault/vault.crt
- vault/vault.key:/etc/vault/vault.key
volumes_from:
- data
privileged: true
restart: always
```
> You can also mount customized `vault.hcl`.
## server
```
$ cd ~/fig/vault
$ mkdir vault
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout vault/vault.key -out vault/vault.crt
$ docker-compose up -d
$ docker cp vault_vault_1:/usr/bin/vault /usr/local/bin/
```
## client
```
$ export VAULT_ADDR='https://127.0.0.1:8200'
$ vault status
$ vault init | tee vault.secret
$ vault unseal
$ vault auth
$ vault write secret/name key=value
$ vault read secret/name
$ vault seal
```
- Split `vault.secret`, keep them a secret.
- Run `vault unseal` 3 times to unseal.
- Use `key=@value` to read secret from file.
[1]: https://www.vaultproject.io/
Reference in New Issue View Git Blame Copy Permalink