Installation using Docker

Docker simplifies the configuration and deployment of container applications.

By defining services in the docker-compose.yml file and customizing the parameters to suit your needs, you can create and start HashiCorp Vault with a single command.

Prerequisites

Ensure docker and docker-compose are installed on your machine.

Configuration

Prepare the additional configuration files for the Docker image:

Note

Replace {$version} with the current version of the Docker image.

File docker-compose.yml:

version: "3.3"
services:
  run:
    container_name: securosys_hashicorp_vault
    environment:
      - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
    volumes:
      - securosys_hashicorp_vault_config:/etc/app/config
      - securosys_hashicorp_vault_db:/etc/app/db
      - securosys_hashicorp_vault_plugins:/etc/app/plugins
    ports:
      - "0.0.0.0:8200:8200"
      - "0.0.0.0:8201:8201"
    image: securosys.jfrog.io/hcvault-ce-rest-integration/hcvault-ce-rest-integration:1.2.5.20231207103736
volumes:
  securosys_hashicorp_vault_config:
    driver: local
    driver_opts:
      o: bind
      type: none
      # Local absolute path to the directory that contains all config files
      device: ./config/vault
  securosys_hashicorp_vault_db:
    driver: local
    driver_opts:
      o: bind
      type: none
      # Local absolute path to the directory where the database is stored
      device: ./config/db
  securosys_hashicorp_vault_plugins:
    driver: local
    driver_opts:
      o: bind
      type: none
      # Local absolute path to the directory where custom plugins are stored
      device: ./config/plugins

File config.hcl:

The configuration file differs slightly from the standalone version.

// Example of config.hcl for the Docker image.
// Addresses and paths refer to locations inside the Docker image.

storage "raft" {
  path = "/etc/app/db" // Do not change this path
  node_id = "raft_node"
}

listener "tcp" {
  address = "0.0.0.0:8200" // Do not change this address
  tls_disable = 1
}

disable_mlock = true
plugin_directory = "/etc/app/plugins" // Do not change this path
api_addr = "http://0.0.0.0:8200" // Do not change this address
cluster_addr = "https://127.0.0.1:8201" // Do not change this address
ui = true


Below this configuration, add the seal "securosys-hsm" section as shown in the auto-unseal chapter.
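
The following is an added example, not part of the original page or of Securosys's tooling. It is a small Python check that reads the ports list from docker-compose.yml and the listener stanza from config.hcl, then reports any listener that sets tls_disable while its port is published on a non-loopback host address. The sample inputs are constructed from the snippets above, and the function names are hypothetical.

```python
import re

# Constructed sample input: the ports list and listener stanza from the two files above.
COMPOSE = '''
    ports:
      - "0.0.0.0:8200:8200"
      - "0.0.0.0:8201:8201"
'''
CONFIG_HCL = '''
listener "tcp" {
  address = "0.0.0.0:8200" // do not change
  tls_disable = 1
}
'''

# Short-syntax mapping: optional IPv4 host address, host port, container port.
PORT_RE = re.compile(r'^[ \t]*-[ \t]*"?(?:([\d.]+):)?(\d+):(\d+)"?[ \t]*$', re.M)

def published_ports(compose_text):
    """Map container port -> host IP for short-syntax IPv4 port mappings."""
    ports = {}
    for host_ip, _host_port, container_port in PORT_RE.findall(compose_text):
        # Docker publishes on all interfaces when no host IP is given.
        ports[int(container_port)] = host_ip or "0.0.0.0"
    return ports

def plaintext_listeners(hcl_text):
    """Return ports of tcp listeners whose stanza sets tls_disable to a true value."""
    found = []
    # Assumes listener stanzas without nested blocks, as in the config above.
    for body in re.findall(r'listener\s+"tcp"\s*\{(.*?)\}', hcl_text, re.S):
        body = re.sub(r'(//|#).*', '', body)  # drop trailing comments
        addr = re.search(r'\baddress\s*=\s*"[^"]*:(\d+)"', body)
        tls_off = re.search(r'\btls_disable\s*=\s*"?(1|true)\b', body, re.I)
        if addr and tls_off:
            found.append(int(addr.group(1)))
    return found

def audit(compose_text, hcl_text):
    """List plaintext Vault listeners that are published beyond loopback."""
    ports = published_ports(compose_text)
    findings = []
    for port in plaintext_listeners(hcl_text):
        host_ip = ports.get(port)
        if host_ip and not host_ip.startswith("127."):
            findings.append(f"port {port}: tls_disable set and published on {host_ip}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(COMPOSE, CONFIG_HCL)) or "no plaintext listener exposed")
```

With the files as shown on this page, the check flags port 8200. Publishing it as "127.0.0.1:8200:8200" or enabling TLS on the listener clears the finding.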

Run Container

Once your HashiCorp Vault instance is fully configured, launch the application with the command docker-compose up, executed in the directory where the docker-compose.yml file is located.

Use the command securosys_hashicorp_vault to initiate the startup process of the service.

Transaction Security Broker (TSB) - Dispatched
  • docker-compose up -d starts the containers in detached mode
  • Credentials:
    • User: robot.reader.hashicorpvault
    • Password: FTTGEcruzB_QUf3LBsq+KVV3wYuSx_
    :~/$ docker login securosys.jfrog.io -u robot.reader.hashicorpvault
Password:
Login Succeeded