Tutorial for Creating a Customized Vault Docker Container


D_B

Apr 24, 2017, 8:17:08 AM
to Vault
 Good Morning,


 Are there any good tutorials or examples of how to create a customized Docker image for Vault?


Thanks!

Randy Fay

Apr 24, 2017, 9:34:21 AM
to vault...@googlegroups.com
Hi Darryl - What we did was just inherit from the official vault image, just this: https://github.com/drud/vault-consul-on-kube/tree/master/vaultimage

-Randy

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/1546a258-891a-47a8-82e3-166a161368bb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.




D_B

Apr 24, 2017, 1:27:35 PM
to Vault
Cool, thanks!

  I'm just not seeing where/how you actually configure Vault's backends and policies with that though?

Darryl


Randy Fay

Apr 24, 2017, 1:42:58 PM
to vault...@googlegroups.com
So we manage backends manually, since they're one-time operations.

For policies, we have a completely separate (private) repository, with a script that applies them.

I'm sure there are other ways to do this, but I wouldn't expect the vault policies and backends to be tightly coupled to the container it ran in. The README.md for vault-consul-on-kube may give you context on the separation we're using, but if you're not using Kubernetes it might be overkill; still, the same ideas are there for any implementation.

-Randy

Steve Dillon

Apr 25, 2017, 9:00:29 AM
to Vault
Until we get Vault Policies configured by Terraform (Wish, Wish) we have a shell script that does initial configuration and then sets up mounts, policies and user groups. Before you do any configuring you need to unseal the container, and except for pure Dev/Test scenarios you just can't do that with scripts.

I'm struggling to think of much stateful data that is actually in the container other than the config file vault.hcl.  vault.hcl configures the backend, and that is really where all that configuration data ends up.  You can't "bake" configuration into the container, it all passes through to the backend.
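
An added example, not code from this thread or from the vault-consul-on-kube repository: a shell script in the spirit of the policy-applying scripts described above, kept outside the image and refusing to run until an operator has unsealed Vault. It uses the current `vault policy write` CLI syntax; the policy directory layout, the function names and the refusal to overwrite `root`/`default` are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: apply every *.hcl policy in a directory to an unsealed Vault.
# Assumes VAULT_ADDR and VAULT_TOKEN are exported by the operator.
# Usage (hypothetical file name): ./apply-policies.sh policies/

# vault_ready: `vault status` exits 0 when unsealed, 2 when sealed, 1 on error.
# Unsealing is deliberately left to a human; this script never handles key shares.
vault_ready() {
  local rc=0
  vault status >/dev/null 2>&1 || rc=$?
  case "$rc" in
    0) return 0 ;;
    2) echo "vault is sealed; an operator must unseal it first" >&2; return 2 ;;
    *) echo "cannot reach vault (exit $rc)" >&2; return 1 ;;
  esac
}

# apply_policies DIR: write each DIR/<name>.hcl as policy <name>.
# Prints the number of policies applied and stops at the first failure.
apply_policies() {
  local dir=$1 file name count=0
  vault_ready || return $?
  for file in "$dir"/*.hcl; do
    [ -e "$file" ] || continue   # directory held no .hcl files
    name=$(basename "$file" .hcl)
    case "$name" in
      # default is attached to every token; changing it is left to a manual step
      root|default) echo "refusing to touch built-in policy: $name" >&2; return 1 ;;
    esac
    vault policy write "$name" "$file" >/dev/null || return 1
    count=$((count + 1))
  done
  echo "$count"
}

# Run only when a policy directory is passed on the command line.
if [ $# -gt 0 ]; then
  apply_policies "$1"
fi
```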

