Adds first dockcer compose version

#4
joergi · Sep 12, 2024 · 9131933 · 9131933
1 parent b834356
commit 9131933
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 0 deletions.
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
@@ -0,0 +1,21 @@
+name: Read secrets from vault
+on:
+  push:
+    branches: [ main ]
+
+jobs:
+  bash-linux:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout
+      - name: install vault-cli
+        run: \
+          apt update && apt install gpg wget
+          wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+          gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
+          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
+          sudo apt update && sudo apt install vault
+      - name: verifying vault
+        run: vault
+
+
diff --git a/vault-docker/Dockerfile b/vault-docker/Dockerfile
@@ -0,0 +1,9 @@
+FROM ubuntu:20.04
+RUN apt-get update && apt-get install -y software-properties-common curl gnupg2 && \
+  curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - && \
+  apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" && \
+  apt-get update && apt-get install -y \
+  vault && \
+  setcap cap_ipc_lock= /usr/bin/vault
+COPY run.sh ./
+CMD ./run.sh
diff --git a/vault-docker/docker-compose.yml b/vault-docker/docker-compose.yml
@@ -0,0 +1,29 @@
+services:
+  vault-server:
+    image: hashicorp/vault:latest
+    ports:
+      - "8200:8200"
+    environment:
+      VAULT_ADDR: "http://0.0.0.0:8200"
+      VAULT_DEV_ROOT_TOKEN_ID: "vault-plaintext-root-token"
+    cap_add:
+      - IPC_LOCK
+    networks:
+      vault-network:
+        ipv4_address: 172.21.0.10
+        aliases:
+          - vault-server
+  vault-client:
+    build: .
+    environment:
+      VAULT_ADDR: "http://vault-server:8200"
+    networks:
+      vault-network:
+        ipv4_address: 172.21.0.20
+        aliases:
+          - vault-client
+networks:
+  vault-network:
+    ipam:
+      config:
+        - subnet: 172.21.0.0/24
diff --git a/vault-docker/run.sh b/vault-docker/run.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+VAULT_RETRIES=5
+
+## https://www.misterpki.com/vault-docker/
+echo "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+echo "Vault is starting..."
+until vault status > /dev/null 2>&1 || [ "$VAULT_RETRIES" -eq 0 ]; do
+        echo "Waiting for vault to start...: $((VAULT_RETRIES--))"
+        sleep 1
+done
+echo "Authenticating to vault..."
+vault login token=vault-plaintext-root-token
+echo "Initializing vault..."
+vault secrets enable -version=2 -path=my-secrets kv
+echo "Adding entries..."
+vault kv put my-secrets/dev username=test_user
+vault kv put my-secrets/dev password=test_password
+echo "Complete..."