I've been trying to run the hashicorp/vault Docker image in a production environment with HTTPS using Docker.
I'm running a Node server and using the hashi-vault-js npm package to connect to my Vault.
I did this in dev mode and it was pretty easy, but not so much in production.
In dev mode, I run:
sudo docker run --name=dev-vault --cap-add=IPC_LOCK -p 8200:8200 hashicorp/vault:latest server -dev
Then I export the VAULT_ADDR and VAULT_TOKEN by executing commands in the container's isolation mode.
But this will run it in Dev mode and without a secure SSL/TLS.
From the official docs, I created a vault.hcl and configured everything, but it just always seems to want to find a local.json file ... really confused ... (I'm new to HashiCorp Vault).
So please how do I do this in production but with a secure SSL/TLS and without mlock 😞🥺🥺.
You have to change the Docker entrypoint command like below to use a custom vault.hcl file.
vault server -config=/vault/vault.hcl
Example docker-compose.yaml file (vault.hcl file resides inside /home/volumes/vault/)
version: "3.8"
services:
  vault:
    image: hashicorp/vault
    container_name: vault
    environment:
      VAULT_ADDR: http://127.0.0.1:8200
    ports:
      - "8200:8200"
    volumes:
      - /home/volumes/vault/:/vault/:rw
    cap_add:
      - IPC_LOCK
    entrypoint: vault server -config=/vault/vault.hcl
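
A vault.hcl that the entrypoint above could load for the setup the question asks about (TLS listener, mlock disabled), as an added example that is not part of the original answer. The certificate paths, storage path and hostname are assumptions chosen to fit the /home/volumes/vault/:/vault/ mount.

```hcl
# Added example, not the answerer's file. All /vault/... paths are assumptions
# that map to /home/volumes/vault/... on the host through the compose volume.

# Persist data on the mounted volume (file backend, single node).
storage "file" {
  path = "/vault/file"
}

# HTTPS listener. tls_disable is left unset, so TLS stays on and Vault
# refuses to start unless both the certificate and the key can be read.
listener "tcp" {
  address         = "0.0.0.0:8200"
  tls_cert_file   = "/vault/tls/vault.crt" # assumed path: server cert followed by any intermediates
  tls_key_file    = "/vault/tls/vault.key" # assumed path: readable only by the account running Vault
  tls_min_version = "tls12"
}

# Address advertised to clients. Placeholder hostname; it has to match a
# name in the certificate or clients will fail verification.
api_addr = "https://vault.example.internal:8200"

# Run without mlock, as the question asks. Vault's memory can then be
# swapped out, so disable or encrypt swap on the Docker host.
disable_mlock = true
```

With this listener, VAULT_ADDR in the compose file and in the Node client has to use https://, and the client has to trust the CA that issued the certificate.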