From 9131933e9db230caeca9851848931950f413ccaa Mon Sep 17 00:00:00 2001
From: joergi <1439809+joergi@users.noreply.github.com>
Date: Thu, 12 Sep 2024 23:23:54 +0200
Subject: [PATCH] Adds first dockcer compose version #4

---
 .github/workflows/testing.yml   | 21 +++++++++++++++++++++
 vault-docker/Dockerfile         |  9 +++++++++
 vault-docker/docker-compose.yml | 29 +++++++++++++++++++++++++++++
 vault-docker/run.sh             | 18 ++++++++++++++++++
 4 files changed, 77 insertions(+)
 create mode 100644 .github/workflows/testing.yml
 create mode 100644 vault-docker/Dockerfile
 create mode 100644 vault-docker/docker-compose.yml
 create mode 100755 vault-docker/run.sh

diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
new file mode 100644
index 0000000..02a50ce
--- /dev/null
+++ b/.github/workflows/testing.yml
@@ -0,0 +1,21 @@
+name: Read secrets from vault
+on:
+  push:
+    branches: [ main ]
+
+jobs:
+  bash-linux:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout
+      - name: install vault-cli
+        run: \
+          apt update && apt install gpg wget
+          wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+          gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
+          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
+          sudo apt update && sudo apt install vault
+      - name: verifying vault
+        run: vault
+
+
diff --git a/vault-docker/Dockerfile b/vault-docker/Dockerfile
new file mode 100644
index 0000000..8bb5575
--- /dev/null
+++ b/vault-docker/Dockerfile
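Review bot: `run: \` on the "install vault-cli" step does not start a multi-line script: in YAML the backslash is a literal character and the indented lines below fold into one plain scalar, so the runner executes a single line beginning with `\ apt update …` in which every later command becomes trailing arguments of the first. Use a literal block, `run: |`, so each command runs on its own line. `uses: actions/checkout` also lacks a ref; GitHub requires one, so `uses: actions/checkout@v4` (or a full commit SHA for reproducibility). The first `apt update && apt install gpg wget` runs without `sudo` and without `-y`, unlike the later commands in the same step, and the hosted runner's default user is not root, so `sudo apt-get install -y gpg wget` matches the rest. `run: vault` with no subcommand only prints usage and may not exit zero; `vault version` is the usual smoke test.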
@@ -0,0 +1,9 @@
+FROM ubuntu:20.04
+RUN apt-get update && apt-get install -y software-properties-common curl gnupg2 && \
+    curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add - && \
+    apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" && \
+    apt-get update && apt-get install -y \
+    vault && \
+    setcap cap_ipc_lock= /usr/bin/vault
+COPY run.sh ./
+CMD ./run.sh
diff --git a/vault-docker/docker-compose.yml b/vault-docker/docker-compose.yml
new file mode 100644
index 0000000..d29f607
--- /dev/null
+++ b/vault-docker/docker-compose.yml
@@ -0,0 +1,29 @@
+services:
+  vault-server:
+    image: hashicorp/vault:latest
+    ports:
+      - "8200:8200"
+    environment:
+      VAULT_ADDR: "http://0.0.0.0:8200"
+      VAULT_DEV_ROOT_TOKEN_ID: "vault-plaintext-root-token"
+    cap_add:
+      - IPC_LOCK
+    networks:
+      vault-network:
+        ipv4_address: 172.21.0.10
+        aliases:
+          - vault-server
+  vault-client:
+    build: .
+    environment:
+      VAULT_ADDR: "http://vault-server:8200"
+    networks:
+      vault-network:
+        ipv4_address: 172.21.0.20
+        aliases:
+          - vault-client
+networks:
+  vault-network:
+    ipam:
+      config:
+        - subnet: 172.21.0.0/24
\ No newline at end of file
diff --git a/vault-docker/run.sh b/vault-docker/run.sh
new file mode 100755
index 0000000..4672901
--- /dev/null
+++ b/vault-docker/run.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+VAULT_RETRIES=5
+
+## https://www.misterpki.com/vault-docker/
+echo "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+echo "Vault is starting..."
+until vault status > /dev/null 2>&1 || [ "$VAULT_RETRIES" -eq 0 ]; do
+  echo "Waiting for vault to start...: $((VAULT_RETRIES--))"
+  sleep 1
+done
+echo "Authenticating to vault..."
+vault login token=vault-plaintext-root-token
+echo "Initializing vault..."
+vault secrets enable -version=2 -path=my-secrets kv
+echo "Adding entries..."
+vault kv put my-secrets/dev username=test_user
+vault kv put my-secrets/dev password=test_password
+echo "Complete..."
\ No newline at end of file
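Review bot: `apt-key add -` in the RUN step is deprecated on Ubuntu 20.04 and registers the HashiCorp key as trusted for every apt repository rather than only the HashiCorp one; the workflow file in this same commit already uses the `gpg --dearmor` keyring plus `signed-by=` form, so the Dockerfile should match it. The image also runs as root (no `USER`), copies `run.sh` into `/` because no `WORKDIR` is set, leaves `/var/lib/apt/lists` in the layer, and launches the script with shell-form `CMD`, so it is not PID 1 and does not receive SIGTERM from `docker stop`. `setcap cap_ipc_lock= /usr/bin/vault` clears the capability (presumably the one the package install grants) rather than adding it, which is reasonable for a CLI-only client but deserves a comment such as `# drop IPC_LOCK: this image only runs the vault CLI, mlock is not needed`. A rewrite covering these points follows; the non-root user gets a home directory because `vault login` in run.sh stores its token under `~`.
```dockerfile
# syntax=docker/dockerfile:1
FROM ubuntu:20.04
# Keyring + signed-by mirrors the recipe in .github/workflows/testing.yml, so the
# key is trusted for the HashiCorp repository only.
# setcap with an empty set drops IPC_LOCK: this image only runs the vault CLI,
# mlock is not needed.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates curl gnupg2 lsb-release && \
    curl -fsSL https://apt.releases.hashicorp.com/gpg \
        | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg && \
    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" \
        > /etc/apt/sources.list.d/hashicorp.list && \
    apt-get update && apt-get install -y --no-install-recommends vault && \
    setcap cap_ipc_lock= /usr/bin/vault && \
    rm -rf /var/lib/apt/lists/* && \
    useradd --system --create-home --uid 10001 client
WORKDIR /app
COPY run.sh ./
USER client
CMD ["./run.sh"]
```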
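Review bot: `image: hashicorp/vault:latest` is unpinned, so the server the client is exercised against changes silently between pulls; pin a version tag, `image: hashicorp/vault:<pinned version>`. This is evidently a dev-mode server (`VAULT_DEV_ROOT_TOKEN_ID`) whose root token is written into the file, and `"8200:8200"` publishes it on every host interface, so anything that can reach the host can act as Vault root; bind to loopback with `- "127.0.0.1:8200:8200"`, or drop the mapping entirely since `vault-client` reaches the server over `vault-network`. `vault-client` has no `depends_on: [vault-server]`, so startup ordering rests solely on the five one-second retries in run.sh. The fixed `ipv4_address` values are referenced nowhere and the `aliases` repeat the service names compose already resolves, so both can go.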
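Review bot: the two consecutive `vault kv put my-secrets/dev …` calls do not accumulate: with the KV v2 engine enabled just above, `kv put` writes a whole new version of the secret, so the second call replaces `username` and the stored secret ends up holding only `password`. Write both fields in one call, `vault kv put my-secrets/dev username=test_user password=test_password`, or make the second one `vault kv patch`. The retry loop also falls through when `VAULT_RETRIES` reaches 0 and carries on to `vault login` against a server that never answered; add `[ "$VAULT_RETRIES" -gt 0 ] || { echo "vault did not become ready" >&2; exit 1; }` after `done`, and `set -euo pipefail` after the shebang so a failed login stops the script instead of letting the later commands run unauthenticated. The root token is a second copy of the literal in docker-compose.yml; reading it from an environment variable set by the compose file keeps it defined in one place.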