A quick and easy way to run Vault on Docker against an AWS DynamoDB table.
- Build and tag an image by using the Dockerfile in this directory.
    docker build --rm -t <image_name> .
- Optionally, push the image to the registry.
    docker push <image_name>
You can also use docker-compose and the provided vault.yml file to build the image. This is the preferred method if you intend to run via docker-compose as documented below.
    docker-compose -f vault.yml build
- You must have an IAM user with an AWS_ACCESS_KEY_ID and an AWS_SECRET_ACCESS_KEY that has permissions to create and modify DynamoDB tables.
Fill in the required parameters in the vault.yml docker-compose file as necessary for your environment. This example demonstrates using and mounting an external volume containing SSL certificates. These could also be "baked" into your image via an ADD or COPY instruction in the Dockerfile, in which case the private key is readable by anyone who can pull the image.
- "VAULT_ADDR=https://127.0.0.1:8200"
- "AWS_ACCESS_KEY_ID=YOURKEYID"
- "AWS_SECRET_ACCESS_KEY=YOURKEYSECRET"
- "AWS_REGION=us-west-2"
- "DYNAMO_DB_TABLE=vault-test"
- "SSL_CERT_PATH=/path/to/your/cert.pem"
- "SSL_KEY_PATH=/path/to/your/key.pem"
- VAULT_ADDR: The address at which Vault listens for incoming requests. It should typically be set to https://127.0.0.1:8200, as configured in this example, when running inside a container.
- AWS_ACCESS_KEY_ID: AWS access key ID credential with permissions to create/modify DynamoDB tables.
- AWS_SECRET_ACCESS_KEY: AWS secret key credential with permissions to create/modify DynamoDB tables.
- AWS_REGION: The region you want the DynamoDB table to be deployed in.
- DYNAMO_DB_TABLE: The name of the DynamoDB table to deploy/connect to.
- SSL_CERT_PATH: Path, relative to inside the container, to a valid SSL certificate.
- SSL_KEY_PATH: Path, relative to inside the container, to a valid SSL key.
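
A pre-flight check for the settings above, as an added example that is not part of this repository. The function name `check_vault_env` and the choice of checks are assumptions made here; it must run where SSL_CERT_PATH and SSL_KEY_PATH resolve (for instance inside the container).

```shell
#!/bin/sh
# Added example (not the project's code): validate the environment that
# vault.yml passes to the container. Assumes it runs where the SSL paths
# resolve. Prints one line per problem and returns the number of problems.
check_vault_env() {
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # The sample vault.yml ships placeholder credentials; they must be replaced.
    case "$AWS_ACCESS_KEY_ID" in
        ""|YOURKEYID) fail "AWS_ACCESS_KEY_ID is empty or still the placeholder" ;;
    esac
    case "$AWS_SECRET_ACCESS_KEY" in
        ""|YOURKEYSECRET) fail "AWS_SECRET_ACCESS_KEY is empty or still the placeholder" ;;
    esac

    # This setup mounts a certificate and key, so the address should be TLS.
    case "$VAULT_ADDR" in
        https://*) ;;
        *) fail "VAULT_ADDR is not an https:// URL" ;;
    esac

    [ -n "$AWS_REGION" ] || fail "AWS_REGION is empty"

    # DynamoDB table names use a-z A-Z 0-9 _ - . and need at least 3
    # characters (the 255-character maximum is not checked here).
    case "$DYNAMO_DB_TABLE" in
        *[!A-Za-z0-9_.-]*|""|?|??) fail "DYNAMO_DB_TABLE is not a valid table name" ;;
    esac

    # Certificate and key must exist at the configured paths.
    [ -r "$SSL_CERT_PATH" ] || fail "SSL_CERT_PATH is missing or unreadable"
    if [ -r "$SSL_KEY_PATH" ]; then
        # Characters 5-10 of the ls mode string are the group/other bits.
        mode=$(ls -ld "$SSL_KEY_PATH" | cut -c5-10)
        [ "$mode" = "------" ] || fail "SSL_KEY_PATH is accessible to group/other ($mode)"
    else
        fail "SSL_KEY_PATH is missing or unreadable"
    fi

    return "$problems"
}
```

A wrapper script can call `check_vault_env` before starting Vault and stop on a non-zero return.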
Once configured, the application can be brought up with a simple docker-compose command.
    docker-compose -f vault.yml up