Start vault with file backend

~ docker run --rm --cap-add=IPC_LOCK --name vault -e 'VAULT_LOCAL_CONFIG={"api_addr": "", "backend": {"file": {"path": "/vault/file"}}, "default_lease_ttl": "168h", "max_lease_ttl": "720h",  "listener": { "tcp": { "address": "", "tls_disable": 1 } }, "ui": true}' vault server
==> Vault server configuration:

             Api Address:
                     Cgo: disabled
         Cluster Address:
              Listener 1: tcp (addr: "", cluster address: "", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
               Log Level: info
                   Mlock: supported: true, enabled: true
                 Storage: file
                 Version: Vault v1.1.3
             Version Sha: 9bc820f700f83a7c4bcab54c5323735a581b34eb

==> Vault server started! Log data will stream in below

Vault initialization

~ docker exec -it vault /bin/sh
~ export VAULT_ADDR=''
~ cat > vaultpolicy.hcl <<EOF
path "transit/datakey/plaintext/my-minio-key" {
  capabilities = ["read", "update"]
}
path "transit/decrypt/my-minio-key" {
  capabilities = ["read", "update"]
}
path "transit/encrypt/my-minio-key" {
  capabilities = ["read", "update"]
}
EOF

~ vault operator init