Last active
August 3, 2025 17:03
Vault ddil demo
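# Vault DDIL demo stack: one Vault server, a web controller and three Vault
# Agents. Everything here is demo-grade: plaintext HTTP, a fixed root token and
# a controller holding the Docker socket. Do not reuse it outside an isolated
# lab host.
version: '3.8'
services:
  # The central Vault server for the demo
  vault-server:
    # NOTE(review): `latest` is an unpinned tag, so every run may pull a
    # different build. Pin a reviewed version or digest for repeatable demos.
    image: vault:latest
    ports:
      # Published on loopback only. Vault speaks plaintext HTTP here and the
      # root token below is a well-known value, so the API must not be
      # reachable from other hosts. Drop the 127.0.0.1 prefix only on an
      # isolated network.
      - "127.0.0.1:8200:8200"
    environment:
      - VAULT_ADDR=http://0.0.0.0:8200
      - VAULT_API_ADDR=http://0.0.0.0:8200
      - VAULT_DEV_ROOT_TOKEN_ID=root # For demo purposes only
      - VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200
    cap_add:
      # Lets Vault lock memory so secrets are not swapped to disk.
      - IPC_LOCK
    command: server
  # The API and Web GUI server
  demo-controller:
    build:
      context: ./demo-controller # Assumes a folder with Dockerfile and server code
    ports:
      # Loopback only: this service can drive the Docker daemon (see the
      # socket mount below), so its HTTP port is a privileged interface.
      - "127.0.0.1:8080:8080"
    volumes:
      # Mount the Docker socket to allow this container to run docker commands.
      # Access to this socket is equivalent to root on the Docker host; anyone
      # who can reach or compromise the controller inherits that access.
      - /var/run/docker.sock:/var/run/docker.sock
  # Stryker 1 - Vault Agent
  stryker-1:
    image: vault:latest
    depends_on:
      - vault-server
    command: agent -config=/vault/config/agent-config.hcl
    volumes:
      # All three agents mount the same host directory, so they share one
      # agent configuration.
      - ./agent-config:/vault/config
  # Stryker 2 - Vault Agent
  stryker-2:
    image: vault:latest
    depends_on:
      - vault-server
    command: agent -config=/vault/config/agent-config.hcl
    volumes:
      - ./agent-config:/vault/config
  # Stryker 3 - Vault Agent
  stryker-3:
    image: vault:latest
    depends_on:
      - vault-server
    command: agent -config=/vault/config/agent-config.hcl
    volumes:
      - ./agent-config:/vault/config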
#!/bin/bash
# Strict mode: abort on any failing command (-e), on expansion of an unset
# variable (-u), and when any stage of a pipeline fails (pipefail).
set -euo pipefail

# --- Configuration & Helper Functions ---
# ANSI colour escapes; they are interpreted by `echo -e` at print time.
NC='\033[0m' # No Color
GREEN='\033[0;32m'
YELLOW='\033[1;33m'

# Local name of the compose file, and the gist revision it is fetched from.
# The URL carries a revision hash, so the download does not follow later edits
# to the gist.
COMPOSE_FILE="ddil-vault-compose.yaml"
COMPOSE_URL="https://gist.githubusercontent.com/tuckcodes/0dfb7905e682d4c630d5eaa55faf2b72/raw/8d15f80eab4ddfbadb743c3fd024aac1f21eab3e/ddil-vault-compose.yaml"
#######################################
# Print a green status line prefixed with a marker.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text (backslash escapes are interpreted by echo -e)
# Outputs:   the coloured message on stdout
#######################################
print_message() {
  local text=$1
  echo -e "${GREEN}▶ ${text}${NC}"
}
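#######################################
# Abort the script unless the named command is available on PATH.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - command name to look up
# Outputs:   an error message on stderr when the command is missing
# Returns:   0 when found; exits the shell with status 1 otherwise
#######################################
check_dependency() {
  local tool=$1
  if command -v "$tool" > /dev/null 2>&1; then
    return 0
  fi
  # Diagnostics belong on stderr so they are not mixed into captured stdout.
  echo -e "${YELLOW}Error: '${tool}' command not found. Please install it and try again.${NC}" >&2
  exit 1
}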
# --- Phase 1: Pre-flight Checks ---
print_message "Phase 1: Running Pre-flight Checks..."
# Every tool used below must be present; check_dependency exits on the first
# one that is missing.
for required_tool in "docker" "docker-compose" "curl"; do
  check_dependency "$required_tool"
done
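# --- Phase 2: Environment Cleanup & Setup ---
print_message "Phase 2: Cleaning up and preparing the environment..."
# Stop and remove any containers from previous runs using the compose file if it exists
if [ -f "$COMPOSE_FILE" ]; then
  docker-compose -f "$COMPOSE_FILE" down --remove-orphans
fi

# --- Download the Docker Compose file from the static endpoint ---
# The downloaded file decides which images run and what they mount (including
# the Docker socket), so it is effectively code executed with Docker's
# privileges. Keep COMPOSE_URL pinned to a reviewed revision.
print_message "Downloading the latest Docker Compose configuration..."
# Fetch into a temporary file first, so a failed or partial transfer never
# replaces or creates the real compose file.
compose_tmp=$(mktemp "${COMPOSE_FILE}.XXXXXX")
# -f: fail on HTTP errors instead of saving the error page as the compose file.
# -sS: stay quiet but still print the error. --proto/--tlsv1.2: HTTPS only.
if ! curl -fsS --proto '=https' --tlsv1.2 -o "$compose_tmp" "$COMPOSE_URL" \
  || [ ! -s "$compose_tmp" ]; then
  rm -f -- "$compose_tmp"
  echo -e "${YELLOW}Error: could not download ${COMPOSE_URL}${NC}" >&2
  exit 1
fi
mv -- "$compose_tmp" "$COMPOSE_FILE"

# --- Generate .gitignore to protect secrets ---
# NOTE: this overwrites any .gitignore already present in the working directory.
# The heredoc delimiter is unquoted on purpose so ${COMPOSE_FILE} is expanded.
print_message "Generating .gitignore file..."
cat > .gitignore << EOL
# Ignore sensitive files generated by Vault
vault-keys.json
*.log
# Ignore downloaded configuration files
${COMPOSE_FILE}
# Ignore Node.js dependencies if the controller is developed locally
demo-controller/node_modules/
# Ignore Docker Compose transient files
.docker/
EOL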
# --- Phase 3: Build and Launch Environment ---
print_message "Phase 3: Building and launching the demo environment with Docker Compose..."
# Build local images where needed, then start every service in the background.
docker-compose --file "${COMPOSE_FILE}" up --detach --build
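# --- Phase 4: Final Output ---
# Get the IP address of the Vault server container for easy access.
# The container is resolved through Compose rather than by a hard-coded name:
# generated names depend on the project directory and the Compose version, and
# a failed lookup would otherwise abort the script under `set -e` before the
# summary below is printed.
vault_container=$(docker-compose -f "$COMPOSE_FILE" ps -q vault-server) || vault_container=""
VAULT_IP=""
if [ -n "$vault_container" ]; then
  VAULT_IP=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$vault_container") || VAULT_IP=""
fi
# Port 8200 is published on the host, so localhost works when no IP was found.
VAULT_IP=${VAULT_IP:-localhost}

print_message "Phase 4: Demo Environment is Ready!"
echo "------------------------------------------------------------------"
echo -e "${YELLOW}The Tactical Demo GUI is now running at:${NC} http://localhost:8080"
# Both endpoints are plaintext HTTP; anything sent to them, tokens included,
# crosses the network unencrypted.
echo -e "${YELLOW}The Vault Server UI is accessible at:${NC} http://${VAULT_IP}:8200"
echo ""
echo "Use the web GUI to run interactive scenarios against the live Vault instance."
# The container logs therefore hold secrets: treat saved or forwarded log
# output like the credentials themselves.
echo "The initial Unseal Key and Root Token will be printed in the Docker Compose logs."
echo "You can view logs with: 'docker-compose -f ${COMPOSE_FILE} logs -f'"
echo "------------------------------------------------------------------"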