HashiCorp Vault

HashiCorp Vault can be easily set up using Docker Compose. Below, I'll guide you through the process of creating a basic setup for Vault using Docker Compose.

Prerequisites

  • Make sure you have Docker and Docker Compose installed on your machine.

Docker and Docker Compose Installation

#!/bin/bash

# Make the script executable
chmod +x "$0"

# Update the system and install required packages
sudo apt-get update -y
sudo apt-get install curl apt-transport-https ca-certificates software-properties-common -y

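# Add Docker's official GPG key to a dedicated keyring (apt-key is deprecated
# and would trust the key for every repository on the system)
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the Docker repository to APT sources, trusting only that key for it
echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null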

# Update the package database with Docker packages from the newly added repo
sudo apt update -y

# Check the Docker version to install
apt-cache policy docker-ce

# Install Docker
sudo apt install docker-ce -y

# Enable Docker to start on boot
sudo systemctl enable docker

# Check Docker status
sudo systemctl status docker

# Install Docker Compose
sudo apt install docker-compose -y

# Print success message
echo "Docker and Docker Compose have been successfully installed!"

Step 1: Create a Docker Compose File

Create a new directory for your Vault project:

mkdir vault-docker
cd vault-docker

Create a docker-compose.yml file in this directory with the following content:

version: '3.8'

services:
  vault:
    image: hashicorp/vault:latest
    container_name: vault
    ports:
      - "8200:8200"
    environment:
      - VAULT_DEV_ROOT_TOKEN_ID=myroot
      - VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200
    cap_add:
      - IPC_LOCK
    volumes:
      - vault_data:/vault/file
    command: server -dev

volumes:
  vault_data:

Step 2: Start Vault

Run the following command to start the Vault service using Docker Compose:

docker-compose up -d

Verify that Vault is running by checking the logs:

docker-compose logs -f

Step 3: Interact with Vault

Once Vault is running, you can interact with it using the Vault CLI or HTTP API. To use the CLI, you can run a command in the Vault container:

docker exec -it vault sh

A regular Vault server has to be initialized and unsealed before use. Because this setup runs in -dev mode, Vault starts already initialized and unsealed, with the root token set to myroot, so you can skip both steps.

Set the Vault address and token in your terminal:

export VAULT_ADDR='http://127.0.0.1:8200'
export VAULT_TOKEN='myroot'

Now you can run Vault commands. For example, to check the status of the Vault:

vault status

Step 4: Stopping Vault

When you're done, you can stop the Vault service with:

docker-compose down

http://localhost:8200

Notes

  • The above setup uses Vault in development mode (-dev). This is not suitable for production use. In production, you would need to configure storage backends, authentication methods, and other security settings.

  • The root token myroot is a very simple token for development. In a production setup, you should use more secure methods for authentication and token management.
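
The dev-only settings these notes warn about can be checked mechanically before a Compose file like the one above is reused anywhere else. The script below is an added example, not part of the original post; the finding names and the PINNED_TAG placeholder are made up for illustration, and the line-based matching assumes the simple Compose layout used in Step 1.

```shell
#!/bin/sh
# Added example: flag dev-only Vault settings in a Compose file.
# Finding names (DEV_MODE, ...) are labels made up for this example.

# audit_vault_compose FILE: prints one finding per line, returns 2 if unreadable.
audit_vault_compose() {
  # Drop quotes so "8200:8200" and 8200:8200 are matched alike.
  body=$(tr -d "\"'" < "$1") || return 2
  check() { if printf '%s\n' "$body" | grep -Eq -e "$1"; then echo "$2"; fi; }
  # server -dev: in-memory storage, already unsealed, no TLS on the listener.
  check '^[[:space:]]*command:.*[[:space:]]-dev' DEV_MODE
  # A root token written in the file is known to everyone who can read it.
  check 'VAULT_DEV_ROOT_TOKEN_ID[=:]' STATIC_ROOT_TOKEN
  # HOST:8200 without a host IP (or with 0.0.0.0) publishes on every interface.
  check '^[[:space:]]*-[[:space:]]*(0\.0\.0\.0:)?[0-9]+:8200[[:space:]]*$' PORT_ALL_INTERFACES
  # :latest can resolve to a different image on the next pull.
  check '^[[:space:]]*image:.*:latest[[:space:]]*$' UNPINNED_IMAGE
  return 0
}

# Sample 1: the relevant lines of the Compose file from this post.
page_compose=$(mktemp)
cat > "$page_compose" <<'EOF'
services:
  vault:
    image: hashicorp/vault:latest
    ports:
      - "8200:8200"
    environment:
      - VAULT_DEV_ROOT_TOKEN_ID=myroot
    command: server -dev
EOF

# Sample 2 (constructed): same lab setup, loopback-only port, placeholder tag.
lab_compose=$(mktemp)
cat > "$lab_compose" <<'EOF'
services:
  vault:
    image: hashicorp/vault:PINNED_TAG
    ports:
      - "127.0.0.1:8200:8200"
    environment:
      - VAULT_DEV_ROOT_TOKEN_ID=myroot
    command: server -dev
EOF

echo "== file from this post =="; audit_vault_compose "$page_compose"
echo "== loopback variant ==";    audit_vault_compose "$lab_compose"
```

The loopback variant still reports DEV_MODE and STATIC_ROOT_TOKEN: binding to 127.0.0.1 only limits who can reach the dev server, it does not make it production-ready.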


Written by

S. M. Arefin Rumi