Installation using Docker
Docker simplifies the configuration and deployment of container applications.
By defining containers in the docker-compose.yml file and customizing the parameters to suit your needs, you can create and start HashiCorp Vault CE with a single command, while also maintaining a clear overview of the configuration used.
Configuration
Prepare the following configuration files:
Replace the version of the Docker image with the current version.
File docker-compose.yml:

services:
  run:
    container_name: securosys_hashicorp_vault
    environment:
      - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    volumes:
      - securosys_hashicorp_vault_config:/etc/app/config
      - securosys_hashicorp_vault_db:/etc/app/db
      - securosys_hashicorp_vault_plugins:/etc/app/plugins
    ports:
      - "0.0.0.0:8200:8200"
      - "0.0.0.0:8201:8201"
    image: securosys.jfrog.io/hcvault-ce-rest-integration/hcvault-ce-rest-integration:1.2.5.20231207103736
volumes:
  securosys_hashicorp_vault_config:
    driver: local
    driver_opts:
      o: bind
      type: none
      # Local absolute path to the directory that contains all config files
      device: ./config/vault
  securosys_hashicorp_vault_db:
    driver: local
    driver_opts:
      o: bind
      type: none
      # Local absolute path to the directory where the database is stored
      device: ./config/db
  securosys_hashicorp_vault_plugins:
    driver: local
    driver_opts:
      o: bind
      type: none
      # Local absolute path to the directory where custom plugins are stored
      device: ./config/plugins
File config.hcl:

The configuration file differs slightly from the standalone version.

// Example of config.hcl for Docker image.
// Addresses or paths are relative to path and addresses inside docker image
storage "raft" {
  path    = "/etc/app/db" // Do not change this path
  node_id = "raft_node"
}
listener "tcp" {
  address     = "0.0.0.0:8200" // Do not change this path
  tls_disable = 1
}
disable_mlock    = true
plugin_directory = "/etc/app/plugins" // Do not change this path
api_addr         = "http://0.0.0.0:8200" // Do not change this addr
cluster_addr     = "https://127.0.0.1:8201" // Do not change this addr
ui               = true

Below this configuration, add the seal "securosys-hsm" section as shown in the auto-unseal chapter.
Log in to the Container Registry
Log in to the Securosys container registry by running:
docker login securosys.jfrog.io -u robot.reader.hashicorpvault
- User: robot.reader.hashicorpvault
- Password: FTTGEcruzB_QUf3LBsq+KVV3wYuSx_
Run the Container
Launch the container: docker compose up.
To run in detached mode (to free your terminal), use docker compose up --detach.
This should be executed in the directory where the docker-compose.yml is located.
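
A preflight check to run before docker compose up, given here as an added example that is not part of the Securosys documentation. It verifies that the three bind-mounted directories and both files exist, and reports when the listener has tls_disable set while port 8200 is published on all host interfaces. The function name, the return codes and the location of config.hcl in ./config/vault are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the vendor documentation.
# Assumption: config.hcl is stored in ./config/vault, the directory that the
# compose file binds to /etc/app/config.
# Return codes (this example's own convention):
#   0 = ok, 1 = missing file or directory, 2 = plaintext API published on all interfaces

preflight() {
    pf_base="${1:-.}"
    pf_rc=0
    pf_compose="$pf_base/docker-compose.yml"
    pf_cfg="$pf_base/config/vault/config.hcl"

    # A local volume with type=none, o=bind does not create its source
    # directory; the mount fails at container start if it is absent.
    for pf_d in config/vault config/db config/plugins; do
        [ -d "$pf_base/$pf_d" ] || { echo "missing directory: $pf_base/$pf_d" >&2; pf_rc=1; }
    done
    for pf_f in "$pf_compose" "$pf_cfg"; do
        [ -f "$pf_f" ] || { echo "missing file: $pf_f" >&2; pf_rc=1; }
    done
    [ "$pf_rc" -eq 0 ] || return 1

    # Strip comments, then look for a listener with TLS switched off.
    if sed -e 's|//.*||' -e 's|#.*||' "$pf_cfg" |
        grep -Eq '^[[:space:]]*tls_disable[[:space:]]*=[[:space:]]*"?(1|true)"?'; then
        # 8200 published with no host IP, or on 0.0.0.0, listens on every interface.
        if sed -e 's|#.*||' "$pf_compose" |
            grep -Eq '^[[:space:]]*-[[:space:]]*"?(0\.0\.0\.0:)?8200:8200"?[[:space:]]*$'; then
            echo "tls_disable is set and port 8200 is published on all interfaces:" >&2
            echo "Vault tokens and secrets would cross the network in cleartext" >&2
            return 2
        fi
    fi
    return 0
}

# Usage: preflight /path/to/project && docker compose up --detach
```

If the check returns 2, publishing the port as "127.0.0.1:8200:8200" in docker-compose.yml or placing a TLS-terminating reverse proxy in front of the container keeps the unencrypted API off the network.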