From c6d785bbfcac0e79d4a1b3aace819337fdba886c Mon Sep 17 00:00:00 2001
From: kev
Date: Sat, 18 Jul 2015 16:24:47 +0800
Subject: [PATCH] update

---
 vault/Dockerfile            |  4 ++--
 vault/README.md             | 11 +++++++++--
 vault/docker-compose.yml    |  3 +++
 vault/{ => vault}/vault.hcl |  2 ++
 4 files changed, 16 insertions(+), 4 deletions(-)
 rename vault/{ => vault}/vault.hcl (53%)

diff --git a/vault/Dockerfile b/vault/Dockerfile
index a32663b..f6b88e5 100644
--- a/vault/Dockerfile
+++ b/vault/Dockerfile
@@ -17,10 +17,10 @@ RUN wget -O $VAULT_FILE $VAULT_URL \
     && chmod +x /usr/bin/vault \
     && rm $VAULT_FILE
 
-COPY vault.hcl /etc/
+COPY vault /etc/vault
 
 VOLUME /var/lib/vault
 
 EXPOSE 8200
 
-CMD ["vault", "server", "-config", "/etc/vault.hcl"]
+CMD ["vault", "server", "-config", "/etc/vault/vault.hcl"]
diff --git a/vault/README.md b/vault/README.md
index dcd6527..e568fce 100644
--- a/vault/README.md
+++ b/vault/README.md
@@ -20,16 +20,23 @@ vault:
   image: vimagick/vault
   ports:
     - "8200:8200"
+  volumes:
+    - vault/vault.crt:/etc/vault/vault.crt
+    - vault/vault.key:/etc/vault/vault.key
   volumes_from:
     - data
   privileged: true
   restart: always
 ```
 
+> You can also mount customized `vault.hcl`.
+
 ## server
 
 ```
 $ cd ~/fig/vault
+$ mkdir vault
+$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout vault/vault.key -out vault/vault.crt
 $ docker-compose up -d
 $ docker cp vault_vault_1:/usr/bin/vault /usr/local/bin/
 ```
@@ -39,7 +46,7 @@ $ docker cp vault_vault_1:/usr/bin/vault /usr/local/bin/
 ```
 $ export VAULT_ADDR='https://127.0.0.1:8200'
 $ vault status
-$ vault init | tee vault.key
+$ vault init | tee vault.secret
 $ vault unseal
 $ vault auth
 $ vault write secret/name key=value
@@ -47,7 +54,7 @@ $ vault read secret/name
 $ vault seal
 ```
 
-- Split `vault.key`, keep them a secret.
+- Split `vault.secret`, keep them a secret.
 - Run `vault unseal` 3 times to unseal.
 - Use `key=@value` to read secret from file.
 
diff --git a/vault/docker-compose.yml b/vault/docker-compose.yml
index 7e75516..1e6fb89 100644
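Review bot: `COPY vault /etc/vault` now copies the whole host `vault/` directory into the image, and the README hunk in this same commit tells users to generate `vault/vault.key` and `vault/vault.crt` in exactly that directory before bringing the stack up; anyone who builds the image locally after that step (the compose file pulls `vimagick/vault`, so the default workflow does not, but a `docker build` would) bakes the TLS private key into an image layer, where it persists even if deleted later. Copy only the config, `COPY vault/vault.hcl /etc/vault/vault.hcl`, or add `vault/vault.key` and `vault/vault.crt` to a `.dockerignore` beside the Dockerfile. The updated CMD path matches the new COPY destination, so that part is consistent.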
--- a/vault/docker-compose.yml
+++ b/vault/docker-compose.yml
@@ -7,6 +7,9 @@ vault:
   image: vimagick/vault
   ports:
     - "8200:8200"
+  volumes:
+    - vault/vault.crt:/etc/vault/vault.crt
+    - vault/vault.key:/etc/vault/vault.key
   volumes_from:
     - data
   privileged: true
diff --git a/vault/vault.hcl b/vault/vault/vault.hcl
similarity index 53%
rename from vault/vault.hcl
rename to vault/vault/vault.hcl
index ee30826..e4240fe 100644
--- a/vault/vault.hcl
+++ b/vault/vault/vault.hcl
@@ -4,4 +4,6 @@ backend "file" {
 
 listener "tcp" {
   address = "0.0.0.0:8200"
+  tls_cert_file = "/etc/vault/vault.crt"
+  tls_key_file = "/etc/vault/vault.key"
 }
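Review bot: The new bind mount of `vault/vault.key` is read-write, but the container only needs to read the listener key; mount both files read-only, `- vault/vault.key:/etc/vault/vault.key:ro` and `- vault/vault.crt:/etc/vault/vault.crt:ro`, so a compromised container (which also runs with the pre-existing `privileged: true` just below) cannot overwrite the host's key material. The host paths are bare relative paths (`vault/vault.crt`); whether Compose expands those relative to the compose file depends on the Compose version in use, so the `./vault/vault.crt` spelling is the safer one. The same two mount lines are duplicated in the README hunk and would want the same change there.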
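Review bot: The listener now requires `/etc/vault/vault.crt` and `/etc/vault/vault.key` to exist at startup, and nothing in the file says where they come from; a comment above `tls_cert_file`, `# cert/key are bind-mounted from ./vault/ by docker-compose.yml (self-signed, see README)`, would save the next reader a hunt. The README in this commit generates a self-signed certificate but then points the client at `https://127.0.0.1:8200` with no trust configured, so `vault status` will presumably fail certificate verification; it is worth documenting that clients of this listener need `VAULT_CACERT` set to the generated `vault.crt`. The `address = "0.0.0.0:8200"` binding is unchanged by this hunk and is not the point here.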