self-hosted/dockerfiles
1
0
Fork 0
mirror of https://github.com/vimagick/dockerfiles.git synced 2025-05-29 22:57:35 +02:00
Code Issues Releases Activity

update

Browse Source
This commit is contained in:
kev 2015-07-18 15:44:59 +08:00
parent 751fbfecf5
commit fcd97071cb
1 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
vault/README.md
View File

@ -1,9 +1,52 @@
vault vault
===== =====
![](https://badge.imagelayers.io/vimagick/vault:latest.svg)
[`Vault`][1] is a tool for securely accessing secrets. A secret is anything [`Vault`][1] is a tool for securely accessing secrets. A secret is anything
that you want to tightly control access to, such as API keys, passwords, that you want to tightly control access to, such as API keys, passwords,
certificates, and more. Vault provides a unified interface to any secret, while certificates, and more. Vault provides a unified interface to any secret, while
providing tight access control and recording a detailed audit log. providing tight access control and recording a detailed audit log.
## docker-compose.yml
```
data:
image: busybox
volumes:
- /var/lib/vault
vault:
image: vimagick/vault
ports:
- "8200:8200"
volumes-from:
- data
restart: always
```
## server
```
$ cd ~/fig/vault
$ docker-compose up -d
$ docker cp vault_vault_1:/usr/bin/vault /usr/local/bin/
```
## client
```
$ export VAULT_ADDR='http://127.0.0.1:8200'
$ vault status
$ vault init | tee vault.key
$ vault unseal
$ vault auth xxxxxx
$ vault write secret/hello value=world
$ vault read secret/hello
$ vault seal
```
- Keep `vault.key` a secret.
- Run `vault unseal` 3 times.
[1]: https://www.vaultproject.io/ [1]: https://www.vaultproject.io/