This project is run using docker-compose to orchestrate the Docker containers.
- Log into the GCP IAM console
- Create a service account with the `roles/storage.objectAdmin`, a.k.a. Storage Object Admin permissions
- Create a `json` key and download it.
- Copy your `*.json` key to `./dev/vault/service-account.json`
Copy `dev/vault/env.list.dist` and get rid of the `.dist` suffix. Fill in the values with whatever you generated from the vault.
If you used more than one key, add them to `env.list` and edit `dev/vault/bin/unseal.sh` to provide the keys to the `vault operator unseal` call.
Edit `./dev/vault/vault.config.json` and change the `gcs` bucket to a bucket that you own and that is controlled by your `service-account.json`.
- Run all servers with `docker-compose up`.
- Run in daemon mode with `docker-compose up -d`.
- Bring daemons down with `docker-compose down`.
- List running daemons with `docker-compose ps`.
- Bring up just `vault` in daemon mode with `docker-compose up -d vault`.
- Connect to a running `vault` daemon with `docker exec -it vault sh`.
- Watch daemon logs with `docker-compose logs -f vault`.
- Get shell access to the `vault` container with `sh bin/interactive-vault.sh`.
- Run just Vault with `sh ./bin/run-vault.sh`.
- Access the running Vault web UI at http://localhost:8200/
Make sure that vault is running with `docker-compose up -d vault`.
Run `sh bin/vault/copy-vault-keys.sh` to extract vault keys and expand secrets to separate files within `./app/vault/`.
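
The steps above leave three sets of secrets on disk: the GCP service account key, the unseal keys in `env.list`, and the files expanded under `./app/vault/`. The following check is an added example, not part of this project's scripts; it reports any of those paths that group or other local users can access. The helper names `group_other_bits` and `check_secret_perms` are hypothetical, and the paths are the ones named in this README, relative to the repository root.

```shell
#!/bin/sh
# Added example: flag secret files from this setup that other local users can access.
# Paths come from this README; the function names are hypothetical helpers.

# Print the group/other permission bits of a path, e.g. "------" or "r--r--".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# Return 0 if every given file or directory tree is private to its owner.
# Missing paths are reported and skipped, since not every step may have run yet.
check_secret_perms() {
    bad=0
    for path in "$@"; do
        if [ ! -e "$path" ]; then
            echo "skip: $path (not present)"
            continue
        fi
        # Walk directories so files expanded under ./app/vault/ are covered too.
        # Symlinks are skipped because their own mode bits carry no meaning.
        list=$(find "$path" ! -type l -print)
        old_ifs=$IFS
        IFS='
'
        for entry in $list; do
            bits=$(group_other_bits "$entry")
            if [ "$bits" != "------" ]; then
                echo "LOOSE: $entry (group/other: $bits)"
                bad=1
            fi
        done
        IFS=$old_ifs
    done
    return "$bad"
}

# Run from the repository root as: sh check-perms.sh check  (file name is an assumption)
if [ "${1:-}" = "check" ]; then
    check_secret_perms dev/vault/service-account.json dev/vault/env.list app/vault
fi
```

Tighten anything reported with `chmod 600` for files or `chmod 700` for directories. If the container's user can no longer read a file afterwards, change the file's ownership to that user instead of widening the mode.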