Commit
* remove need for approle.json
* remove references to vault env and approle files
* remove sql init volume
* Add new lines
Showing 16 changed files with 86 additions and 172 deletions.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
FROM hashicorp/vault:latest | ||
|
||
# Add jq to make scripting the calls a bit easier | ||
# ref: https://stedolan.github.io/jq/ | ||
RUN apk add --no-cache bash jq | ||
|
||
# Add our policy and entrypoint | ||
COPY policy.hcl /vault/policy.hcl | ||
COPY entrypoint.sh /vault/entrypoint.sh | ||
|
||
EXPOSE 8200 | ||
|
||
ENTRYPOINT [ "/vault/entrypoint.sh" ] | ||
|
||
HEALTHCHECK \ | ||
--start-period=5s \ | ||
--interval=1s \ | ||
--timeout=1s \ | ||
--retries=30 \ | ||
CMD [ "/bin/sh", "-c", "[ -f /tmp/healthy ]" ] |
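Review bot: `FROM hashicorp/vault:latest` leaves the base image unpinned, so the test environment and the `vault` CLI it ships can change underneath the suite whenever a new image is published. Pin a specific version tag or image digest and bump it deliberately. Separately, the HEALTHCHECK only tests that `/tmp/healthy` exists, which reports that setup finished once rather than that Vault is still serving on 8200; a comment saying this is a readiness marker, or a check that queries Vault itself, would make the intent clear.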
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
#!/bin/sh | ||
|
||
# Much of the below was lifted from the sample Vault application setup | ||
# in https://github.com/hashicorp/hello-vault-go/tree/main/sample-app | ||
|
||
set -e | ||
|
||
export VAULT_ADDR='http://localhost:8200' | ||
export VAULT_FORMAT='json' | ||
|
||
# Dev mode defaults some addresses, but also enables us | ||
# to have a custom root key & automatically unsealed vault. | ||
vault server -dev & | ||
sleep 5s | ||
|
||
# Authenticate container's local Vault CLI | ||
# ref: https://www.vaultproject.io/docs/commands/login | ||
vault login -no-print "${VAULT_DEV_ROOT_TOKEN_ID}" | ||
|
||
# AppRole auth is what we use in JIMM, an awesome tutorial | ||
# on how this is setup can be found below. | ||
# HOW-TO: https://developer.hashicorp.com/vault/docs/auth/approle | ||
# AND: | ||
# https://developer.hashicorp.com/vault/tutorials/auth-methods/approle | ||
|
||
echo "Enabling AppRole auth" | ||
vault auth enable approle | ||
|
||
echo "Creating access policy to JIMM stores" | ||
vault policy write jimm-app /vault/policy.hcl | ||
|
||
echo "Creating jimm-app AppRole" | ||
vault write auth/approle/role/jimm-app policies=jimm-app | ||
|
||
# Set fixed role ID and secret ID to simplify testing | ||
vault write auth/approle/role/jimm-app/role-id role_id="test-role-id" | ||
vault write auth/approle/role/jimm-app/custom-secret-id secret_id="test-secret-id" | ||
|
||
# Enable the KV at the defined policy path | ||
echo "Enabling KV at policy path /jimm-kv" | ||
echo "/jimm-kv accessible by policy jimm-app" | ||
vault secrets enable -version=2 -path /jimm-kv kv | ||
|
||
# This container is now healthy | ||
touch /tmp/healthy | ||
|
||
# Keep container alive | ||
tail -f /dev/null & trap 'kill %1' TERM ; wait |
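Review bot: The fixed `sleep 5s` after `vault server -dev &` is a race: on a slow host the following `vault login` runs before the server is listening and `set -e` aborts the script, while on a fast host it wastes time. Poll for readiness instead, for example `until vault status >/dev/null 2>&1; do sleep 1; done`. `${VAULT_DEV_ROOT_TOKEN_ID}` is used without checking that it is set; `"${VAULT_DEV_ROOT_TOKEN_ID:?must be set}"` would fail with a clear message. The final `tail -f /dev/null` keeps the container running, with `/tmp/healthy` still present, even if the Vault process has exited; saving `$!` after starting the server and waiting on that PID would let the container stop when Vault does. Since the script combines dev mode, plain `http`, and the fixed `test-role-id` / `test-secret-id` credentials, a header comment stating that this image is for local testing only would be worth adding.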
This file was deleted.
This file was deleted.