dd5a8abd55
All checks were successful
Build and deploy Bridgeman Accessible Hashicorp Vault Implementation / deploy (push) Successful in 2m48s
42 lines
No EOL
1.5 KiB
Docker
42 lines
No EOL
1.5 KiB
Docker
FROM hashicorp/vault:latest
|
|
|
|
WORKDIR /vault/setup
|
|
|
|
# Install Bash
|
|
RUN apk add --no-cache --upgrade bash
|
|
|
|
# Install python/pip (needed to run some of the initialization logic)
|
|
ENV PYTHONUNBUFFERED=1
|
|
RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python
|
|
RUN python3 -m venv .venv \
|
|
&& source .venv/bin/activate \
|
|
&& python -m ensurepip \
|
|
&& pip install --no-cache --upgrade pip setuptools
|
|
|
|
# Install any needed dependencies
|
|
COPY ./setup-scripts/requirements.txt ./
|
|
RUN source .venv/bin/activate && pip install --no-cache -r requirements.txt
|
|
|
|
# Needed for parsing JSON in Bash (which is needed to parse the unseal keys and root token)
|
|
RUN apk add --no-cache jq
|
|
|
|
# Copy the Vault configuration file into the container
|
|
COPY vault-config.hcl /vault/config/vault-config.hcl
|
|
|
|
# Copy the startup script into the container (also verifying it's encoded properly)
|
|
COPY ./entrypoint.sh ./
|
|
RUN dos2unix ./entrypoint.sh
|
|
|
|
# Copy the Python startup stuff into the container
|
|
COPY ./setup-scripts ./setup-scripts
|
|
|
|
# Copy the snapshot server Python code into the container
|
|
COPY ./snapshot-server /snapshot-server
|
|
|
|
# | Port | Purpose |
|
|
# | ---- | ------------------------------------------------------------------- |
|
|
# | 8200 | Vault API |
|
|
# | 8300 | Custom snapshot server (for creating and serving backups over HTTP) |
|
|
EXPOSE 8200 8300
|
|
|
|
ENTRYPOINT ["/bin/bash", "/vault/setup/entrypoint.sh"] |