Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Start vault with file backend

~ docker run --rm --cap-add=IPC_LOCK --name vault -e 'VAULT_LOCAL_CONFIG={"api_addr": "http://127.0.0.1:8200", "backend": {"file": {"path": "/vault/file"}}, "default_lease_ttl": "168h", "max_lease_ttl": "720h",  "listener": { "tcp": { "address": "0.0.0.0:8200", "tls_disable": 1 } }, "ui": true}' vault server
==> Vault server configuration:

             Api Address: http://127.0.0.1:8200
                     Cgo: disabled
         Cluster Address: https://127.0.0.1:8201
              Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
               Log Level: info
                   Mlock: supported: true, enabled: true
                 Storage: file
                 Version: Vault v1.1.3
             Version Sha: 9bc820f700f83a7c4bcab54c5323735a581b34eb

==> Vault server started! Log data will stream in below

Vault initialization

~ docker exec -it vault /bin/sh
~ export VAULT_ADDR='http://127.0.0.1:8200'
~ cat > vaultpolicy.hcl <<EOF
path "transit/datakey/plaintext/my-minio-key" { 
  capabilities = [ "read", "update"]
}
path "transit/decrypt/my-minio-key" { 
  capabilities = [ "read", "update"]
}
path "transit/encrypt/my-minio-key" { 
  capabilities = [ "read", "update"]
}

EOF
~ vault operator init
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.