Vault - acehippo/slowmotion GitHub Wiki

setup

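# Start Consul first: the Vault container below is created with
# --link consul:consul, and docker can only link to a container that exists.
# NOTE(review): these -p mappings publish Consul's ports on every host
# interface and no ACL setup is shown on this page; on anything but a
# throwaway dev host, bind them to loopback (e.g. -p 127.0.0.1:8500:8500).
# Neither image has a tag, so docker pulls :latest; pin a tag or digest that
# has been reviewed.
$ docker run -d -p 8400:8400 -p 8500:8500 -p 53:53/udp -h consul-server-node \
  -v /mnt/consul:/data --name consul progrium/consul -server -bootstrap

# The bind mount is quoted so a working directory containing spaces still
# mounts correctly. test.hcl is the Vault server config; it is not shown on
# this page, so check its listener settings (TLS on or off) before relying on it.
$ docker run -d -p 8200:8200 --hostname vault --name vault --link consul:consul \
  -v "$PWD/test.hcl:/config/config.hcl" sjourdan/vault server --config=/config/config.hcl

# Plain http: tokens and secret values sent to this address are not encrypted.
# Acceptable on loopback for a local test, not across a network.
$ export VAULT_ADDR="http://127.0.0.1:8200"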

docker-compose.yml

# Development Vault service. The inline config below turns TLS off and
# disables mlock, so this definition is for local testing only.
dev:
  # NOTE(review): 0.6.1 is an old release; check the Vault changelog for
  # security fixes published since, before reusing this tag.
  image: vault:0.6.1
  restart: always
  ports:
    # Only the container port is given, so docker chooses the host port.
    - 8200
  dns:
    - 8.8.8.8
    - 8.8.4.4
  hostname: vault-dev
  environment:
    # http, matching tls_disable below: CLI traffic, tokens included, is sent in cleartext.
    - VAULT_ADDR=http://vault:8200
    # Inline server config: Consul storage at consul:8500 under path "vault",
    # TCP listener on vault:8200.
    # tls_disable=1 serves the API without TLS; disable_mlock=true allows Vault's
    # memory (which holds decrypted secrets and key material) to be swapped to disk.
    # NOTE(review): the hostname is vault-dev while the listener and VAULT_ADDR use
    # "vault", and no link to a consul service is shown here; confirm both names resolve.
    - VAULT_LOCAL_CONFIG={"backend":{"consul":{"address":"consul:8500","path":"vault"}},"listener":{"tcp":{"address":"vault:8200","tls_disable":1}},"disable_mlock":true}
  stdin_open: true
  tty: true
  command: vault server -config=/vault/config

vault commands

# init prints the unseal key shares and the initial root token; they are shown
# once, so record them somewhere safe and keep the shares apart from each other
# (init also accepts -pgp-keys to emit the shares already encrypted).
$ vault init
# With no argument, unseal prompts for one key share with hidden input.
# Repeat until the key threshold is reached.
$ vault unseal
# {token} is a placeholder. A token typed as an argument is saved in shell
# history and is visible in the process list; running `vault auth` with no
# argument prompts for it instead.
$ vault auth {token}

# Demo value. For a real secret, key=value on the command line ends up in shell
# history; vault write also accepts value=@file or value=- (read from stdin).
$ vault write secret/hello value=world
$ vault read secret/hello
Key             	Value
---             	-----
refresh_interval	2592000
value           	world

# create token with policy
# token-create attaches a policy by name only. The rules in this file take
# effect once the file has been loaded under the name "griffin"; that step is
# not shown here (on this Vault version:
# `vault policy-write griffin /vault/config/griffin.hcl`).
$ cat /vault/config/griffin.hcl 
# Read-only access to two subtrees of the secret/ mount.
path "secret/sdc/uuid/*" {
  policy = "read"
}

path "secret/keys/docker/*" {
  policy = "read"
}
# The output shows the token also carries the "default" policy and lasts 720h
# (30 days); pass -ttl for a shorter lifetime.
# The token value printed below is a bearer credential: whoever holds it gets
# the listed policies. A token that has been pasted into a wiki or ticket should
# be revoked (`vault token-revoke`) and reissued.
$ vault token-create -policy="griffin"
Key             Value
---             -----
token           39e14294-0f4f-158a-5cb9-13809dc3b05d
token_accessor  e3daeb92-e912-4c48-f186-9b81513be304
token_duration  720h0m0s
token_renewable true
token_policies  [default griffin]