In this scenario, we'll explore how to store secrets in HashiCorp Vault. The scenario explains how to initialise a vault and store key/values securely so that they can later be accessed via the CLI or the HTTP API. The HTTP API is an excellent way to obtain secrets when running inside a Docker container.
What is HashiCorp Vault
Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log. More details can be found at https://github.com/hashicorp/vault/
This scenario is designed for educational purposes and not for production. For production usage, you should always use TLS, which has been disabled in this example.
In this scenario we explored how to launch a HashiCorp Vault server and use it to read/write secure information such as our API keys.
Learn how to access these Vault secrets from within a Docker container using our [LibSecret Docker Volume Driver](https://www.katacoda.com/courses/docker-production/docker-volume-libsecret) scenario.
Store Secrets using HashiCorp Vault
Step 1 - Configuration
The first step is to configure a Data Container to store the configuration for Vault.
View the confirmation with
The config defines three important properties. Firstly, it sets Vault to use Consul to store the secrets. Using Consul enables high availability mode, as Consul manages the information and its distribution to ensure HA. Secondly, it binds Vault to listen on all IP addresses so that the HTTP API can be used. Finally, for development purposes, we disable TLS.
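As an added illustration (not the scenario's own vault.hcl), a configuration with the three properties described above could look like the following, with a TLS-enabled listener shown in comments for comparison. The Consul address, the storage path and the certificate paths are assumptions.

```hcl
# Constructed example, not the scenario's vault.hcl.
# Assumptions: Consul is reachable as "consul:8500"; certificate paths are placeholders.

# 1. Consul as the storage backend (enables high availability mode).
storage "consul" {
  address = "consul:8500"   # Consul agent that holds Vault's data
  path    = "vault/"        # key prefix used in Consul's KV store
}

# 2 and 3. Development listener: all IP addresses, TLS disabled.
# Tokens and secrets sent to the HTTP API travel in cleartext.
listener "tcp" {
  address     = "0.0.0.0:8200"
  tls_disable = 1
}

# Production form of the same listener (use instead of the stanza above):
# listener "tcp" {
#   address         = "0.0.0.0:8200"
#   tls_cert_file   = "/config/tls/vault.crt"   # placeholder path
#   tls_key_file    = "/config/tls/vault.key"   # placeholder path
#   tls_min_version = "tls12"
# }
```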
Create Data Container
To store the configuration we'll create a container. This will be used by Vault and Consul to read the required configuration files.
docker create -v /config --name config busybox; docker cp vault.hcl config:/config/;
You can learn more about data containers with our scenario https://www.katacoda.com/courses/docker/data-containers