@usmansaleem
Last active March 7, 2023 01:37
Launch HashiCorp Vault in Docker in server mode with TLS enabled and inmem storage
#!/bin/bash
set -e # exit if any command fails
# Run HashiCorp Vault in server mode with inmem storage and TLS enabled.
# inmem storage is not persisted: unseal keys, root token and secrets are lost when the container stops.
VAULT_IMAGE="vault:latest"
# docker -v needs an absolute host path, so resolve the mount directory against the current directory
VAULT_MOUNT="$(pwd)/vault/tls"
mkdir -p "$VAULT_MOUNT"

# Generate a self-signed TLS certificate for the listener
echo "Generating SSL certificates..."
## Create the OpenSSL request config req.conf.
## keyUsage: digitalSignature is required for ECDHE key exchange and TLS 1.3;
## keyEncipherment only covers legacy RSA key exchange (dataEncipherment is not a TLS usage).
## subjectAltName: clients validate the SAN, not the CN, so list every name the listener is reached by.
cat <<EOF > ./req.conf
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = AU
ST = QLD
L = Brisbane
O = PegaSys
OU = Prod Dev
CN = localhost
[v3_req]
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
IP.1 = 127.0.0.1
EOF
# -nodes writes the private key unencrypted (Vault must read it at start-up);
# 36500 days is a 100-year lifetime, acceptable only for a throwaway dev setup.
openssl req -x509 -nodes -days 36500 -newkey rsa:2048 -keyout "$VAULT_MOUNT/vault.key" \
  -out "$VAULT_MOUNT/vault.crt" -config ./req.conf -extensions 'v3_req'

# Pull docker image
echo "Pulling vault docker image"
docker pull "$VAULT_IMAGE"

# Run Vault in docker in server mode
echo "Running vault in server mode"
# Listener config: TLS on all interfaces, cert and key read from the bind-mounted $VAULT_MOUNT
export VAULT_LOCAL_CONFIG='{
  "storage": {"inmem": {}},
  "listener": [{"tcp": {
    "address": "0.0.0.0:8200",
    "tls_cert_file": "/vault/tls/vault.crt",
    "tls_key_file": "/vault/tls/vault.key"
  }}],
  "default_lease_ttl": "168h",
  "max_lease_ttl": "720h",
  "ui": true
}'
# --cap-add=IPC_LOCK lets Vault mlock its memory so secrets are not swapped to disk.
# VAULT_SKIP_VERIFY only affects the vault CLI inside the container, which talks to this
# self-signed listener; external clients should trust $VAULT_MOUNT/vault.crt explicitly
# rather than disabling certificate verification.
docker run --rm --cap-add=IPC_LOCK -p 8200:8200 --name=test-vault \
  -v "$VAULT_MOUNT:/vault/tls" \
  -e 'VAULT_SKIP_VERIFY=true' \
  -e VAULT_LOCAL_CONFIG \
  "$VAULT_IMAGE" server
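Once the container is up, the check worth running is that the listener really serves the certificate you generated and that a client can verify it without `-k` or `VAULT_SKIP_VERIFY`. The helper below is an added example, not part of the gist; it assumes the gist's defaults (certificate at `./vault/tls/vault.crt`, listener on `https://localhost:8200`) and an `openssl` (1.1.1+) and `curl` on the host.

```bash
#!/bin/bash
# Added verification helper, not part of the gist. Assumes the gist's defaults:
# certificate at ./vault/tls/vault.crt and the listener on https://localhost:8200.
set -eu

VAULT_CERT="${VAULT_CERT:-./vault/tls/vault.crt}"
VAULT_ADDR="${VAULT_ADDR:-https://localhost:8200}"

# Return 0 if a subjectAltName text line such as
# "DNS:localhost, IP Address:127.0.0.1" contains exactly the wanted entry.
san_contains() {
  local san_text="$1" want="$2" item items
  [ -n "$san_text" ] || return 1
  IFS=',' read -ra items <<<"$san_text"
  for item in "${items[@]}"; do
    item="${item#"${item%%[![:space:]]*}"}"   # trim leading whitespace
    item="${item%"${item##*[![:space:]]}"}"   # trim trailing whitespace
    [ "$item" = "$want" ] && return 0
  done
  return 1
}

# Inspect the generated certificate offline: the SANs clients will validate,
# the serverAuth EKU, and whether keyUsage permits ECDHE / TLS 1.3 signatures.
check_cert() {
  local cert="$1" san eku ku
  san=$(openssl x509 -in "$cert" -noout -ext subjectAltName | sed 1d)
  eku=$(openssl x509 -in "$cert" -noout -ext extendedKeyUsage | sed 1d)
  ku=$(openssl x509 -in "$cert" -noout -ext keyUsage | sed 1d)
  san_contains "$san" "DNS:localhost" || { echo "FAIL: SAN lacks DNS:localhost"; return 1; }
  san_contains "$san" "IP Address:127.0.0.1" || { echo "FAIL: SAN lacks IP Address:127.0.0.1"; return 1; }
  case "$eku" in *"TLS Web Server Authentication"*) ;; *) echo "FAIL: EKU lacks serverAuth"; return 1;; esac
  case "$ku" in *"Digital Signature"*) ;; *) echo "WARN: keyUsage lacks digitalSignature (ECDHE/TLS 1.3 clients may reject it)";; esac
  echo "OK: certificate checks passed"
}

# Probe the live listener trusting only the generated cert (no -k / VAULT_SKIP_VERIFY):
# a handshake failure here means the cert or its SANs do not match how you reach Vault.
check_listener() {
  local code
  code=$(curl -s -o /dev/null -w '%{http_code}' --cacert "$VAULT_CERT" "$VAULT_ADDR/v1/sys/health")
  # /v1/sys/health: 200 initialized+unsealed, 501 not initialized (a fresh container), 503 sealed
  case "$code" in
    200|501|503) echo "OK: TLS listener reachable, health HTTP $code";;
    *) echo "FAIL: unexpected health status '$code'"; return 1;;
  esac
}

if [ "${1:-}" = "--check" ]; then check_cert "$VAULT_CERT" && check_listener; fi
```

Run it as `./check-vault-tls.sh --check` while the container is running; a fresh, un-initialized Vault reports HTTP 501, which is still a successful TLS handshake.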