|
| 1 | +## Installing Vault with Docker |
| 2 | + |
| 3 | +### 1. Pull the Vault Image |
| 4 | +First, pull the specified version of the Vault image (1.13.3): |
| 5 | +```bash |
| 6 | +docker pull vault:1.13.3 |
| 7 | +``` |
| 8 | + |
| 9 | +### 2. Run the Vault Container |
| 10 | +Run the Vault container in development mode: |
| 11 | +```bash |
| 12 | +docker run --cap-add=IPC_LOCK -d --name=dev-vault vault:1.13.3 |
| 13 | +``` |
| 14 | + |
| 15 | +### 3. View Vault Startup Logs |
| 16 | +View the Vault startup logs to obtain the Root Token: |
| 17 | +```bash |
| 18 | +docker logs -f dev-vault |
| 19 | +``` |
| 20 | + |
| 21 | +Example log output: |
| 22 | +``` |
| 23 | + Api Address: http://127.0.0.1:8200 |
| 24 | + Cgo: disabled |
| 25 | + Cluster Address: https://127.0.0.1:8201 |
| 26 | + Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled") |
| 27 | + Log Level: info |
| 28 | + Mlock: supported: false, enabled: false |
| 29 | + Recovery Mode: false |
| 30 | + Storage: inmem |
| 31 | + Version: Vault v1.13.3 |
| 32 | +
|
| 33 | +WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory |
| 34 | +and starts unsealed with a single unseal key. The root token is already |
| 35 | +authenticated to the CLI, so you can immediately begin using Vault. |
| 36 | +
|
| 37 | +You may need to set the following environment variable: |
| 38 | +
|
| 39 | + $ export VAULT_ADDR='http://127.0.0.1:8200' |
| 40 | +
|
| 41 | +The unseal key and root token are displayed below in case you want to |
| 42 | +seal/unseal the Vault or re-authenticate. |
| 43 | +
|
| 44 | +Unseal Key: 1+yv+v5mz+aSCK67X6slL3ECxb4UDL8ujWZU/ONBpn0= |
| 45 | +Root Token: s.XmpNPoi9sRhYtdKHaQhkHP6x |
| 46 | +
|
| 47 | +Development mode should NOT be used in production installations! |
| 48 | +``` |
| 49 | + |
| 50 | +### 4. Configure the Vault Client |
| 51 | +Start a new terminal session and enter the container: |
| 52 | +```bash |
| 53 | +docker exec -it dev-vault /bin/sh |
| 54 | +``` |
| 55 | + |
| 56 | +Set the Vault address: |
| 57 | +```bash |
| 58 | +export VAULT_ADDR='http://127.0.0.1:8200' |
| 59 | +``` |
| 60 | + |
| 61 | +Set the Root Token as an environment variable: |
| 62 | +```bash |
| 63 | +export VAULT_TOKEN="s.XmpNPoi9sRhYtdKHaQhkHP6x" |
| 64 | +``` |
| 65 | + |
| 66 | +### 5. Verify the Vault Server is Running |
| 67 | +Within the container, run the following command to check the server status: |
| 68 | +```bash |
| 69 | +vault status |
| 70 | +``` |
| 71 | + |
| 72 | +If you encounter an error like: |
| 73 | +``` |
| 74 | +Error checking seal status: Get "https://127.0.0.1:8200/v1/sys/seal-status": http: server gave HTTP response to HTTPS client |
| 75 | +``` |
| 76 | +Ensure that the `VAULT_ADDR` environment variable is configured correctly. |
| 77 | + |
| 78 | +## Configure Vault Token in Services |
| 79 | +Configure the Root Token in the `application.yml` files of both the authorization-service and resource-service as `${vault_token}`. After starting the services, visit [http://127.0.0.1:8070/client/test](http://127.0.0.1:8070/client/test) in your browser. |
| 80 | + |
| 81 | +## References |
| 82 | +- [Vault Installation Guide](https://learn.hashicorp.com/tutorials/vault/getting-started-install?in=vault/getting-started) |
| 83 | +- [Vault Development Server Guide](https://learn.hashicorp.com/tutorials/vault/getting-started-dev-server?in=vault/getting-started) |
| 84 | +- [Vault Docker Image Details](https://registry.hub.docker.com/_/vault) |
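Review bot: The "Configure Vault Token in Services" section (line 79) tells readers to put the dev-mode Root Token into the `application.yml` of both authorization-service and resource-service, which gives each service unrestricted access to Vault. Suggest documenting a token bound to a policy that covers only the paths each service reads, and stating explicitly that `${vault_token}` is resolved from the environment at start-up so the literal value never lands in a committed `application.yml`. The sample log (lines 44-45) and step 4 (line 63) also carry a literal unseal key and root token; they come from an in-memory dev server, but placeholders such as `<root-token>` would stop readers from copying them and keep secret scanners from flagging the README. Finally, the `docker run` in step 2 publishes no port and the sample log shows the listener on `127.0.0.1:8200`, so the guide should say how the two services are expected to reach Vault before the final test URL is visited.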