Skip to content

Instantly share code, notes, and snippets.

@sgleske-ias

sgleske-ias/README.md

Last active September 27, 2020 17:54
Show Gist options
  • Save sgleske-ias/108f78a21ed38e2dc3ccc04c9d297a5e to your computer and use it in GitHub Desktop.
Save sgleske-ias/108f78a21ed38e2dc3ccc04c9d297a5e to your computer and use it in GitHub Desktop.
Download ZIP
Try out vault UI with a simple docker-compose file.
Raw
README.md

Try out vault-ui

Based on cault but a little more succinct.

This quick gist is to try out vault-ui. High level steps include:

  1. Start containers.
  2. Initialize and unseal vault.
  3. Log into vault-ui via root token.

Prerequisites

Docker for mac which comes with docker-compose.

Start containers

From the working dir of docker-compose.yml execute the following:

docker-compose up -d

Initialize and unseal vault

Log into vault container and initialize vault:

docker exec -it vault sh
vault init

Note in the vault init output 5 keys and a root token. The keys are used to unseal the vault and root token is used to log into vault-ui.

Run vault unseal three times using the 3 unique keys.

Log into vault-ui

Visit http://localhost:8000/ and log into vault-ui.

Notes

  • consul is run in -dev mode so it will not persist the key/value store.
Raw
docker-compose.yml
version: '2.2'
services:
consul:
image: "consul"
hostname: "consul"
container_name: "consul"
command: "agent -dev -client 0.0.0.0"
init: true
ports:
- "8400:8400"
- "8500:8500"
- "8600:53/udp"
#volumes:
# - "./consul-data:/consul/data"
#command: "consul agent -data-dir=/consul/data -config-dir=/consul/config -client 0.0.0.0"
vault:
depends_on:
- consul
image: "vault"
hostname: "vault"
container_name: "vault"
init: true
links:
- "consul:consul"
environment:
VAULT_ADDR: "http://127.0.0.1:8200"
VAULT_LOCAL_CONFIG: '{"backend": {"consul": {"address": "consul:8500", "advertise_addr": "http://127.0.0.1:8200", "path":"vault", "scheme": "http"}}, "listener": {"tcp":{"address": "0.0.0.0:8200","tls_disable":"1"}}, "default_lease_ttl": "168h", "max_lease_ttl": "720h", "disable_mlock": "true"}'
ports:
- "8200:8200"
command: "vault server -config=/vault/config"
vault-ui:
depends_on:
- vault
image: "djenriquez/vault-ui"
hostname: "vault-ui"
container_name: "vault-ui"
init: true
links:
- "vault:vault"
environment:
VAULT_AUTH_DEFAULT: "TOKEN"
VAULT_URL_DEFAULT: "http://vault:8200"
ports:
- "8000:8000"
@tmpm697
Copy link

tmpm697 commented Apr 8, 2019

I don't see "consul" when trying to add new "new secret backend", even after "vault secrets enable consul"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment