Skip to content

Instantly share code, notes, and snippets.

@moertel
Last active January 8, 2023 08:49
Show Gist options
  • Save moertel/c0178fd80da51ed74f07121903e77b6c to your computer and use it in GitHub Desktop.
Save moertel/c0178fd80da51ed74f07121903e77b6c to your computer and use it in GitHub Desktop.
Try Vault with MySQL storage backend (via Docker)
version: '2'
services:
mcba-vault:
container_name: mcba-vault
image: vault:latest
restart: unless-stopped
volumes:
- ./vault.hcl:/etc/vault.hcl
links:
- "mcba-mysql:mcba-mysql"
ports:
- 8200:8200
command: "server -config=/etc/vault.hcl"
mcba-mysql:
container_name: mcba-mysql
image: mysql:5.7
ports:
- 3306:3306
environment:
MYSQL_ALLOW_EMPTY_PASSWORD: "true"
MYSQL_ROOT_PASS: secret
MYSQL_USER: foo
MYSQL_PASSWORD: bar
MYSQL_DATABASE: vault

Initialise (will return keys and a token)

curl -X PUT http://0.0.0.0:8200/v1/sys/init --data '{"secret_shares":1, "secret_threshold":1}'

Use one of the keys to unseal

curl -X PUT http://0.0.0.0:8200/v1/sys/unseal --data '{"key":"a5e665962f544dd16471c120c5500a7906cfbaeb3f18ae0fc6c5c71d444f0a90"}'

Use the root token to store something

curl -X PUT http://0.0.0.0:8200/v1/secret/foo/bar -H "X-Vault-Token: f9bd7f8c-4234-e3de-acad-076682dd2733" --data '{"some_api_key":"bzzp"}'
backend "mysql" {
address = "mcba-mysql:3306"
username = "foo"
password = "bar"
}
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = 1
}
disable_mlock = true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment