How can I run Hashicorp Vault docker image with HTTPS on production


I've been trying to run the hashicorp/vault docker image in a production environment with https using docker.

I'm running a Node server and using the hashi-vault-js npm package to connect to my vault.

I did this in Dev mode and it was pretty easy but not so much in production.

In dev mode, I run:

sudo docker run --name=dev-vault --cap-add=IPC_LOCK -p 8200:8200 hashicorp/vault:latest server -dev

Then I export the VAULT_ADDR and VAULT_TOKEN by executing commands in the container's isolation mode.

But this will run it in Dev mode and without a secure SSL/TLS.

From the official docs, I created a vault.hcl and configured everything, but it just always seems to want to find a local.json file. Really confused (I'm new to HashiCorp Vault).

So please, how do I do this in production, but with secure SSL/TLS and without mlock?

There is 1 best solution below

dasunNimantha On

You have to change the docker entrypoint command like below to use a custom vault.hcl file.

vault server -config=/vault/vault.hcl

Example docker-compose.yaml file (vault.hcl file resides inside /home/volumes/vault/)

version: "3.8"
services:
  vault:
    image: hashicorp/vault
    container_name: vault
    environment:
      VAULT_ADDR: http://127.0.0.1:8200
    ports:
      - "8200:8200"
    volumes:
      - /home/volumes/vault/:/vault/:rw
    cap_add:
      - IPC_LOCK
    entrypoint: vault server -config=/vault/vault.hcl
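
For the TLS and mlock parts of the question, a vault.hcl that fits the volume mount above could look like the following. This is an added example, not part of the original answer; the certificate file names, the storage path, the file storage backend and the hostname vault.example.internal are assumptions.

```hcl
# Host path /home/volumes/vault/vault.hcl, seen as /vault/vault.hcl in the container.
# Constructed example: paths, file names and the hostname are assumptions.

ui = true

# Requested in the question. With mlock disabled, Vault's memory can be swapped
# to disk, so disable or encrypt swap on the host. The IPC_LOCK capability in
# the compose file is then no longer needed.
disable_mlock = true

# File storage keeps the example to a single container (assumed choice).
storage "file" {
  path = "/vault/file"
}

listener "tcp" {
  address = "0.0.0.0:8200"

  # Dev mode and `tls_disable = 1` both serve plain HTTP. Leave tls_disable
  # unset and point the listener at a certificate and private key instead.
  tls_cert_file   = "/vault/tls/vault.crt" # server cert followed by any intermediates
  tls_key_file    = "/vault/tls/vault.key" # restrict file permissions on the key
  tls_min_version = "tls12"
}

# Full URL advertised for client redirection; the hostname has to match a
# subject alternative name in the certificate.
api_addr = "https://vault.example.internal:8200"
```

With this listener, the VAULT_ADDR value in the compose file has to use https:// as well, and clients such as hashi-vault-js need to trust the CA that issued the certificate.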