| title | description |
|---|---|
HashiCorp Vault Enterprise on Docker |
Vault Enterprise Cluster on Docker |
tags:
- docker
- arm64
- hashicorp
- hcp-vault
- vault
- hcp-terraform
- terraform
- raft
- dr
- tech alias:
- Vault Enterprise Raft Cluster
Vault Enterprise Cluster with Raft Storage Backend on Docker.
Credit goes to nicklhw@github as these Terraform templates are based off nicklhw's design, research, and scripts to stand up a local Docker VAULT Enterprise Cluster.
This spins up:
- 3 Node (Container) Vault Cluster
- HCLIC: You will need to provide your own Vault Enterprise License File
- e.g.
~/docker-vault/terraform/data/vault/shared/vault.hclic
- e.g.
- Network:
- e.g.
~/docker-vault/terraform/01.network.tf
- e.g.
- Storage:
- e.g.
~/docker-vault/terraform/02.storaget.tf
- e.g.
- Spin up Vault
# cd docker-vault # make -f Makefile vault-all
- Remove Vault
# cd docker-vault # make -f Makefile clean-vault-all
.
├── LICENSE
├── README.md
├── assets
├── docker-vault
│ ├── Makefile
│ └── terraform
│ ├── 00.variables.tf
│ ├── 00.versions.tf
│ ├── 01.network.tf
│ ├── 02.storage.tf
│ ├── 03.vault.tf
│ ├── 99.outputs.tf
│ ├── data
│ │ ├── scripts
│ │ │ ├── api_addr.sh
│ │ │ ├── init.sh
│ │ │ ├── pass_insert.sh
│ │ │ ├── unseal-cli.sh
│ │ │ └── vault.json
│ │ └── vault
│ │ ├── shared
│ │ │ ├── licenseplaceholder
│ │ │ └── vault.hclic
│ │ ├── vault_s1
│ │ │ ├── addr.hcl
│ │ │ └── vault-server.hcl
│ │ ├── vault_s2
│ │ │ ├── addr.hcl
│ │ │ └── vault-server.hcl
│ │ └── vault_s3
│ │ ├── addr.hcl
│ │ └── vault-server.hcl
│ ├── terraform.tfstate
│ └── terraform.tfstate.backup
└── utility
- Docker
- Terraform
- jq
- GPG / PGP / Pass
| Name | Version |
|---|---|
| hashicorp/local | >=2.1.0 |
| kreuzwerker/docker | >=2.16.0 |
No modules.
| Name | Type |
|---|---|
| docker.docker_container | resource |
| docker.docker_image | resource |
| docker.docker_network | resource |
| local.local_file | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| path_vault_s1_config | Specify path on local disk to mount Vault Container /vault/config | /var/tmp/volume/vault-ent/vault_s1/config | yes | |
| path_vault_s1_data | Specify path on local disk to mount Vault Container /vault/data | /var/tmp/volume/vault-ent/vault_s1/data | yes | |
| path_vault_s2_config | Specify path on local disk to mount Vault Container /vault/config | /var/tmp/volume/vault-ent/vault_s1/config | yes | |
| path_vault_s2_data | Specify path on local disk to mount Vault Container /vault/data | /var/tmp/volume/vault-ent/vault_s1/data | yes | |
| path_vault_s3_config | Specify path on local disk to mount Vault Container /vault/config | /var/tmp/volume/vault-ent/vault_s1/config | yes | |
| path_vault_s3_data | Specify path on local disk to mount Vault Container /vault/data | /var/tmp/volume/vault-ent/vault_s1/data | yes | |
| path_vault_log | Specify path on local disk to mount SHARED Vault Container /var/log/vault | /var/tmp/volume/vault-ent/log | yes | |
| container_image_vault | Image Name of Vault Container | hashicorp/vault-enterprise | yes | |
| container_tag_vault | Image Tag of Vault Container | {{VAULT_VERSION}} | no | |
| container_name_vault_s1 | Name of Vault Container | vault_s1 | yes | |
| container_name_vault_s2 | Name of Vault Container | vault_s2 | yes | |
| container_name_vault_s3 | Name of Vault Container | vault_s3 | yes | |
| docker_port_internal_vault | Internal Port for Vault Container | 8200 | no | |
| docker_port_external_vault_s1 | External Port for Vault S1 Container | 18200 | yes | |
| docker_port_external_vault_s2 | External Port for Vault S2 Container | 28200 | yes | |
| docker_port_external_vault_s3 | External Port for Vault S3 Container | 38200 | yes | |
| docker_restart_vault | Restart Policy for Vault Container | unless-stopped | no | |
| vault_root_token | Root Token for Vault Service | no |
| Name | Description |
|---|---|
| container_image_vault_id | n/a |
| network_name | n/a |
| network_id | n/a |
| network_ipam | n/a |
| container_name_vault_s1 | n/a |
| container_name_vault_s2 | n/a |
| container_name_vault_s3 | n/a |
| container_ip_vault_s1 | n/a |
| container_ip_vault_s2 | n/a |
| container_ip_vault_s3 | n/a |
| container_port_internal_vault_s1 | n/a |
| container_port_internal_vault_s2 | n/a |
| container_port_internal_vault_s3 | n/a |
| container_port_external_vault_s1 | n/a |
| container_port_external_vault_s2 | n/a |
| container_port_external_vault_s3 | n/a |
- https://www.terraform.io/cli/run
- https://learn.hashicorp.com/collections/terraform/docker-get-started
- https://registry.terraform.io/providers/kreuzwerker/docker
- https://hub.docker.com/_/vault
- https://github.com/nicklhw/vault-docker-compose/tree/master/docker-compose
[[]]
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent