Installation using Docker

Docker simplifies the configuration and deployment of container applications. By defining services in the docker-compose.yml file and customizing the parameters to suit your needs, you can easily create and start Hashicorp Vault with a single command. We assume docker and docker-compose to be installed on your machine already, if not please install it using the official userguide.

• Install Docker Engine
• Overview of installing Docker Compose

Configuration

Prepare the additional configurations files for docker image:

note

The {$version} has to be replaced with the current version of the docker image.

File docker-compose.yml:

version: "3.3"
services:
  run:
    container_name: securosys_hashicorp_vault
    environment:
      - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    volumes:
      - securosys_hashicorp_vault_config:/etc/app/config
      - securosys_hashicorp_vault_db:/etc/app/db
      - securosys_hashicorp_vault_plugins:/etc/app/plugins
    ports:
      - "0.0.0.0:8200:8200"
      - "0.0.0.0:8201:8201"
    image: securosys.jfrog.io/hcvault-ce-rest-integration/hcvault-ce-rest-integration:1.2.5.20231207103736
volumes:
  securosys_hashicorp_vault_config:
    driver: local
    driver_opts:
      o: bind
      type: none
      # Local absolute path to directory which contains all config files
      device: ./config/vault
  securosys_hashicorp_vault_db:
    driver: local
    driver_opts:
      o: bind
      type: none
      # Local absolute path to directory where we want to store database
      device: ./config/db
  securosys_hashicorp_vault_plugins:
    driver: local
    driver_opts:
      o: bind
      type: none
      # Local absolute path to directory where are stored custom plugins
      device: ./config/plugins

File config.hcl:

The configuration file differs slightly from the standalone version.

//Example of config.hcl for Docker image.
//Addresses or paths are relative to path and addresses inside docker image

storage "raft" {
  path = "/etc/app/db" //Do not change this path
  node_id = "raft_node"
}

listener "tcp" {
  address     = "0.0.0.0:8200" //Do not change this path
  tls_disable = 1
}

disable_mlock=true
plugin_directory="/etc/app/plugins" //Do not change this path
api_addr = "http://0.0.0.0:8200" //Do not change this addr
cluster_addr = "https://127.0.0.1:8201" //Do not change this addr
ui = true

Add below the config section seal "securosys-hsm" as shown in the auto-unseal chapter

Run Container

After you have configured you Hashicorp Vault instance you can launch the application by a single command: docker-compose up, execute in the directory where the docker-compose.yml file is located. This command initiates the startup process of the service: securosys_hashicorp_vault

TSB - Dispatched

• docker-compose up -d starts the contianers in dispatched mode
  
• Credentials:
  • User: robot.reader.hashicorpvault
  • Password: FTTGEcruzB_QUf3LBsq+KVV3wYuSx_

    :~/$ docker login securosys.jfrog.io -u robot.reader.hashicorpvault
    Password:
    Login Succeeded