# HashiCorp Vault in Docker Compose
To set up HashiCorp Vault in Docker Compose with SSL certificates, you'll need to follow a few steps. In this example, I'll guide you through a basic setup using self-signed certificates for simplicity. In a production environment, you should use valid SSL certificates from a trusted certificate authority (CA).
1. **Create SSL Certificates:**
Generate self-signed certificates for Vault. You can use the following commands to generate them:
```bash
# Create a directory to store the certificates
mkdir -p vault-certs
# Generate the TLS private key
openssl genrsa -out vault-certs/vault.key 2048
# Generate the Certificate Signing Request (CSR)
openssl req -new -key vault-certs/vault.key -out vault-certs/vault.csr -subj "/CN=vault-server"
# Self-sign the certificate. Modern TLS clients ignore the CN and require a
# subjectAltName, so add one for the container name, localhost and the loopback IP;
# -days 365 avoids the 30-day default validity of `x509 -req`.
printf 'subjectAltName=DNS:vault-server,DNS:localhost,IP:127.0.0.1\n' > vault-certs/san.ext
openssl x509 -req -days 365 -in vault-certs/vault.csr -signkey vault-certs/vault.key \
  -extfile vault-certs/san.ext -out vault-certs/vault.crt
# The container runs as the unprivileged `vault` user (uid 100 in the official image);
# give that uid ownership of the key so it stays mode 600 but is readable in the container.
sudo chown 100 vault-certs/vault.key
```
2. **Create Docker Compose File:**
Create a `docker-compose.yml` file with the following content:
```yaml
version: '3'
services:
  vault:
    image: hashicorp/vault:latest
    ports:
      - "8200:8200"
    environment:
      VAULT_DEV_ROOT_TOKEN_ID: "root" # Set a root token for development purposes (only honoured in dev mode)
    volumes:
      - ./vault-certs:/vault/certs
    cap_add:
      - IPC_LOCK # Lets Vault mlock() its memory so secrets are never swapped to disk
    restart: always
```
3. **Configure Vault with SSL:**
Edit the Vault configuration to use SSL. Create a `config.hcl` file with the following content:
```hcl
# A server-mode Vault refuses to start without a storage backend; the file backend
# keeps the data under /vault/file inside the container.
storage "file" {
  path = "/vault/file"
}

listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_disable   = 0
  tls_cert_file = "/vault/certs/vault.crt"
  tls_key_file  = "/vault/certs/vault.key"
}
```
4. **Update Docker Compose File:**
Modify the `docker-compose.yml` file to mount the `config.hcl` file into the Vault container:
```yaml
version: '3'
services:
  vault:
    image: hashicorp/vault:latest
    ports:
      - "8200:8200"
    environment:
      VAULT_DEV_ROOT_TOKEN_ID: "root" # Ignored in server mode; the root token comes from `vault operator init`
    volumes:
      - ./vault-certs:/vault/certs
      - ./config.hcl:/vault/config/config.hcl
      - vault-data:/vault/file # Persists the file storage backend declared in config.hcl
    cap_add:
      - IPC_LOCK
    # The image entrypoint already runs `vault server -config=/vault/config`, which loads
    # every file in that directory; repeating the file with a second -config flag would
    # register the same listener twice.
    command: ["server"]
    restart: always

volumes:
  vault-data:
```
5. **Run Docker Compose:**
Run the following command to start the Vault container:
```bash
docker-compose up -d
```
This starts Vault in server mode with the TLS listener and the certificates from the steps above. Unlike dev mode, a server-mode Vault starts uninitialized and sealed: run `vault operator init` once to generate the unseal keys and the root token, and `vault operator unseal` after every restart, before it will serve requests.
6. **Access Vault:**
You can now reach Vault over HTTPS at `https://localhost:8200` or at your server's IP address/domain. Because the certificate is self-signed, clients have to be told to trust it explicitly, for example by pointing the Vault CLI at it with `VAULT_CACERT=vault-certs/vault.crt`, rather than by disabling certificate verification (`VAULT_SKIP_VERIFY`, `curl -k`), which would defeat the purpose of enabling TLS.
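The following script is an added example, not part of the original page, that checks the deployment produced by the steps above from the client side: it queries Vault's health endpoint while trusting only the pinned self-signed certificate (never with `-k`), maps the documented health status codes to a human-readable state, confirms that plaintext HTTP on the TLS port is rejected, and prints the certificate the listener actually presents. It assumes Vault is reachable at `https://localhost:8200` (the port published in `docker-compose.yml`) and that the certificate lives at `./vault-certs/vault.crt`; both can be overridden with the `VAULT_ADDR` and `VAULT_CACERT` environment variables that the Vault CLI also uses.

```bash
#!/usr/bin/env bash
# Added example: verify the compose-deployed Vault serves TLS with the self-signed
# certificate from step 1, without disabling certificate verification in the client.
# Assumptions: Vault listens on https://localhost:8200 and the certificate is at
# ./vault-certs/vault.crt (both taken from the steps above).
set -eu

VAULT_ADDR="${VAULT_ADDR:-https://localhost:8200}"
VAULT_CACERT="${VAULT_CACERT:-vault-certs/vault.crt}"

# Translate a /v1/sys/health HTTP status code into Vault's documented server state.
# 000 is what curl reports when it could not connect or could not verify the TLS chain.
health_state() {
  case "$1" in
    200) echo "initialized, unsealed, active" ;;
    429) echo "unsealed, standby" ;;
    472) echo "disaster recovery secondary, active" ;;
    473) echo "performance standby" ;;
    501) echo "not initialized" ;;
    503) echo "sealed" ;;
    000) echo "unreachable or TLS verification failed" ;;
    *)   echo "unexpected status $1" ;;
  esac
}

# States that are acceptable right after `docker-compose up`: a fresh server-mode
# Vault answers 501 until `vault operator init`, then 503 until it is unsealed.
expected_after_first_start() {
  case "$1" in
    200|501|503) return 0 ;;
    *) return 1 ;;
  esac
}

# Query the health endpoint over HTTPS, trusting only the pinned certificate.
# No --fail: 501 and 503 are legitimate answers here, not errors.
vault_health_code() {
  curl -s -o /dev/null -w '%{http_code}' --cacert "$VAULT_CACERT" \
    "$VAULT_ADDR/v1/sys/health" || true
}

# Send plaintext HTTP to the TLS port; a TLS-enforcing Vault answers 400.
plaintext_http_code() {
  http_addr="http://${VAULT_ADDR#https://}"
  curl -s -o /dev/null -w '%{http_code}' "$http_addr/v1/sys/health" || true
}

# Print subject, SANs and validity dates of the certificate the listener presents,
# so a mismatch with vault-certs/vault.crt is visible immediately.
show_served_cert() {
  hostport="${VAULT_ADDR#https://}"
  openssl s_client -connect "$hostport" -servername vault-server </dev/null 2>/dev/null \
    | openssl x509 -noout -subject -ext subjectAltName -dates
}

main() {
  code="$(vault_health_code)"
  echo "health: HTTP $code -> $(health_state "$code")"
  expected_after_first_start "$code" || { echo "Vault is not in an expected state"; exit 1; }
  echo "plaintext on TLS port: HTTP $(plaintext_http_code) (400 means TLS is enforced)"
  show_served_cert
}

# Only touch the network when invoked as `./vault-tls-check.sh check`, so the
# functions can also be sourced from other scripts.
if [ "${1:-}" = "check" ]; then
  main
fi
```

Run it as `bash vault-tls-check.sh check` once the container is up; a brand-new deployment should report `HTTP 501 -> not initialized`, and after `vault operator init` and unsealing it should report `HTTP 200`. If the first line shows `HTTP 000`, curl either could not reach port 8200 or refused the certificate, which usually means the client is being pointed at a different certificate file than the one mounted into the container.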
Remember that this setup uses self-signed certificates, which are not suitable for production. In a production environment, obtain valid SSL certificates from a trusted CA. Additionally, ensure that you manage secrets and tokens securely and follow best practices for Vault configuration and deployment.