Vault - acehippo/slowmotion GitHub Wiki
setup
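# Consul must be started before Vault: the Vault container's --link consul:consul
# needs an existing container named "consul" to link to.
# NOTE(review): 8400, 8500 and 53/udp are published on every host interface.
# On anything but a throwaway machine, bind them to loopback
# (e.g. -p 127.0.0.1:8500:8500) or firewall them.
$ docker run -d -p 8400:8400 -p 8500:8500 -p 53:53/udp -h consul-server-node \
-v /mnt/consul:/data --name consul progrium/consul -server -bootstrap
# Vault, configured from ./test.hcl. The mount source is quoted so that a working
# directory containing spaces is still passed to docker as one argument.
# NOTE(review): test.hcl is not shown. If its listener disables TLS, -p 8200:8200
# exposes the Vault API in cleartext to other hosts, not just to localhost.
$ docker run -d -p 8200:8200 --hostname vault --name vault --link consul:consul \
-v "$PWD/test.hcl":/config/config.hcl sjourdan/vault server --config=/config/config.hcl
# http:// means the CLI sends tokens and secrets unencrypted. That is tolerable over
# loopback as here; use https:// and a TLS listener for anything that crosses a network.
$ export VAULT_ADDR="http://127.0.0.1:8200"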
docker-compose.yml
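# Single Vault service named "dev", storing its data in Consul.
# Indentation restored so that every key below belongs to the "dev" service.
dev:
  image: vault:0.6.1
  restart: always
  ports:
    # Container port only: Docker publishes it on a host port of its own choosing.
    - 8200
  dns:
    - 8.8.8.8
    - 8.8.4.4
  hostname: vault-dev
  environment:
    # NOTE(review): the hostname is vault-dev, but VAULT_ADDR and the listener
    # address use the name "vault"; confirm that name resolves inside this container.
    - VAULT_ADDR=http://vault:8200
    # tls_disable=1 makes the listener plain HTTP, so tokens and secrets cross the
    # network unencrypted. disable_mlock=true lets Vault's memory be swapped to disk.
    # Both are development conveniences; do not carry them into a production config.
    - VAULT_LOCAL_CONFIG={"backend":{"consul":{"address":"consul:8500","path":"vault"}},"listener":{"tcp":{"address":"vault:8200","tls_disable":1}},"disable_mlock":true}
  stdin_open: true
  tty: true
  command: vault server -config=/vault/config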
vault commands
# These are the pre-0.10 CLI command names, matching the 0.6.1 image used on this
# page; later releases spell them `vault operator init`, `vault operator unseal`
# and `vault login`.
# Initialise the storage backend once. The output contains the unseal keys and the
# initial root token; store them securely, because Vault does not show them again.
$ vault init
# Supply one unseal key per invocation; repeat until the key threshold is met.
$ vault unseal
# {token} is a placeholder. A token typed as an argument ends up in shell history
# and the process list; running `vault auth` with no argument prompts for it instead.
$ vault auth {token}
# Write a test secret under secret/ and read it back. For real secrets, avoid
# key=value on the command line; the CLI can read a value from a file (value=@file)
# or from stdin (value=-).
$ vault write secret/hello value=world
$ vault read secret/hello
Key Value
--- -----
refresh_interval 2592000
value world
# create token with policy
# The policy file shown below grants read-only access to two path prefixes.
# NOTE(review): the transcript shows the file but not the step that registers it
# under the name "griffin" (e.g. `vault policy-write`); confirm that was done.
$ cat /vault/config/griffin.hcl
path "secret/sdc/uuid/*" {
policy = "read"
}
path "secret/keys/docker/*" {
policy = "read"
}
# The new token carries "griffin" plus the "default" policy (see token_policies
# in the output). The output prints the token in clear, and it stays valid for
# token_duration unless revoked. Treat any real token pasted into a wiki or
# ticket as disclosed and revoke it.
$ vault token-create -policy="griffin"
Key Value
--- -----
token 39e14294-0f4f-158a-5cb9-13809dc3b05d
token_accessor e3daeb92-e912-4c48-f186-9b81513be304
token_duration 720h0m0s
token_renewable true
token_policies [default griffin]