Vault Development Docker Image

Docker image based on upstream official Vault image which allows pre-populating with secrets for local development/testing. DO NOT USE FOR PRODUCTION PURPOSES.

Secrets

The JSON file at /opt/secrets.json (override with $VAULT_SECRETS_FILE) will be read and written into the generic secret backend on startup.

The format is an object associating a path with value, as follows:

{
  "secret/foo/bar": "baz",
  "secret/something/else": "asdf1234"
}

Helm Chart

There is a bundled Helm chart included at .helm/charts/vault. See values.yaml for configuration.

Backends

The following backends can be enabled by setting the appropriate environment variable to 1:

App ID: $VAULT_USE_APP_ID
Kubernetes: $VAULT_USE_K8S

Kubernetes

Kubernets auth is supported but will only function when the container is running within a k8s pod. Set $VAULT_USE_K8S to "1" to enable the backend.

The following environment variables are supported:

VAULT_CA_CERT - This is the CA certificate bundle data for clients of the Kubernetes API, or the default value "@/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" will read it from the filesystem.
VAULT_K8S_HOST - Kubernetes API hostname (default: https://kubernetes.default)

VAULT_K8SROLES_FILE - JSON file containing one or more Vault k8s auth roles, in the following format (every field except name accepts multiple comma-separated values):

[
  {
      "name": "k8sauth",
      "service_accounts": "default,default2",
      "namespaces": "default,default2",
      "policies": "policy1,policy2"
  }
]

App ID (deprecated)

If the app ID backend is enabled, app ID profiles can be created by setting the file at /opt/app-id.json (override with $VAULT_APP_ID_FILE) as follows:

[
  {
    "name": "app-id-1",
    "policy": "root",
    "user_ids": [
      "asdf",
      "qwerty"
    ]
  },
  {
    "name": "app-id-2",
    "policy": "root",
    "user_ids": [
      "mary",
      "fred"
    ]
  }
]

Policies

Policies can be created by specifying the file at /opt/policies.json (override with $VAULT_POLICIES_FILE) as follows:

{
  "policy1": "path \"secret/*\" { policy = \"write\" }"
}

Healthcheck

The native Docker healthcheck will return healthy when all configured secrets have been written.

Authentication

The upstream vault image is mostly unmodified so it runs Vault in development by default (no auth necessary) and also respects the environment variable VAULT_DEV_ROOT_TOKEN_ID.

See https://hub.docker.com/_/vault/ for details.

Docker Registry

https://quay.io/dollarshaveclub/vault-dev

isabella232 / vault-dev-docker Goto Github PK

vault-dev-docker's Introduction

Vault Development Docker Image

Secrets

Helm Chart

Backends

Kubernetes

App ID (deprecated)

Policies

Healthcheck

Authentication

Docker Registry

vault-dev-docker's People

Contributors

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs