
How can I run the HashiCorp Vault Docker image with HTTPS in production?


I've been trying to run the hashicorp/vault Docker image in a production environment with HTTPS using Docker.

I'm running a Node server and using the hashi-vault-js npm package to connect to my Vault.

I did this in dev mode and it was pretty easy, but not so much in production.

In dev mode, I run:

    sudo docker run --name=dev-vault --cap-add=IPC_LOCK -p 8200:8200 hashicorp/vault:latest server -dev

Then I export the VAULT_ADDR and VAULT_TOKEN by executing commands in the container's isolation mode.

But this will run it in dev mode and without secure SSL/TLS.

From the official docs, I created a vault.hcl and configured everything, but it just always seems to want to find a local.json file... really confused (I'm new to HashiCorp Vault).

So please, how do I do this in production, but with secure SSL/TLS and without mlock? 😞🥺🥺


Solution

  • You have to change the docker entrypoint command like below to use a custom vault.hcl file.

    vault server -config=/vault/vault.hcl
    

    Example docker-compose.yaml file (vault.hcl file resides inside /home/volumes/vault/)

    version: "3.8"
    services:
      vault:
       image: hashicorp/vault
       container_name: vault
       environment:
          VAULT_ADDR: http://127.0.0.1:8200
       ports:
          - "8200:8200"
       volumes:
          - /home/volumes/vault/:/vault/:rw
       cap_add:
          - IPC_LOCK
       entrypoint: vault server -config=/vault/vault.hcl
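
A vault.hcl that fits the compose file above and covers the two things the question asks for, a TLS listener and no mlock, shown as an added example rather than configuration from the answer. The certificate and key paths, the file storage backend and the hostname vault.example.com are assumptions.

```hcl
# /vault/vault.hcl inside the container (host: /home/volumes/vault/vault.hcl).
# Assumptions: certificate/key paths, file storage backend, hostname.

ui = true

# Skip mlock(). Vault's memory can then be swapped to disk,
# so disable or encrypt swap on the Docker host.
disable_mlock = true

storage "file" {
  # Lands on the host through the /vault volume mount.
  path = "/vault/file"
}

listener "tcp" {
  address = "0.0.0.0:8200"

  # PEM server certificate (with any intermediates) and its private key.
  # Keep the key readable only by the user Vault runs as.
  tls_cert_file = "/vault/tls/vault.crt"
  tls_key_file  = "/vault/tls/vault.key"

  tls_min_version = "tls12"

  # tls_disable is deliberately not set, so this listener serves HTTPS only.
}

# Address advertised to clients; the host must appear in the certificate's SANs.
api_addr = "https://vault.example.com:8200"
```

With this listener, `VAULT_ADDR` in the compose file has to use `https://` and a name or IP address that is present in the certificate's SANs. Because `disable_mlock = true`, the `IPC_LOCK` capability under `cap_add` is no longer required.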