Is it possible to not use Vault's "in-memory" storage in dev mode?

And*_*man 5 docker docker-compose hashicorp-vault vault

I use this Vault docker image for my local test environment. But it only stores all secrets in memory. So if I restart my machine, all my test secrets are gone and I have to recreate them manually every time. How can I solve this?

My .env file:

COMPOSE_PROJECT_NAME=vault
VAULT_DEV_ROOT_TOKEN_ID=myroot
VAULT_ADDR=http://127.0.0.1:8200

My docker-compose.yml file:

version: "3.8"
services:
    vault:
        env_file:
            - .env
        networks:
            - public
        image: vault
        restart: unless-stopped
        ports:
            - 8200:8200
        cap_add:
            - IPC_LOCK            
        container_name: "${TARGET_ENVIRONMENT}_${COMPOSE_PROJECT_NAME}_vault"
        volumes:
            - vault-logs:/vault/logs
            - vault-file:/vault/file
        labels:
            - "traefik.enable=true"
            - "traefik.http.routers.vault.service=vault"
            - "traefik.http.routers.vault.entrypoints=https"
            - "traefik.http.routers.vault.rule=Host(`vault.${HOST_URL}`)"
            - "traefik.http.routers.vault.tls=true"
            - "traefik.http.routers.vault.tls.certresolver=letsEncrypt"
            - "traefik.http.services.vault.loadbalancer.server.port=8200"
volumes:
    vault-logs: 
    vault-file:
networks:
    public:
        external: true

Dav*_*san 1

The help for the vault binary says:

  -dev
      Enable development mode. In this mode, Vault runs in-memory and starts
      unsealed. As the name implies, do not run "dev" mode in production. The
      default is false.

Other secret backends are not supported in -dev mode. If you need data persistence, you should deploy a full Vault instance. Perhaps just the simplest kind, using the local file backend to store the data:

backend "file" {
  path = "/path/to/a/file/in/a/docker/volume"
}

The most complex part of this solution will be implementing the unseal operation, unless you have access to a cloud provider that stores such keys.
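As an added example (not code from the question or the answer above), the following Python script puts the two pieces of the answer together: it renders the `file` storage configuration that replaces the `-dev` flag, pointing at the `/vault/file` path the question's compose file already mounts from the `vault-file` volume, and it automates the unseal step the answer flags as the hard part by feeding exactly `unseal_threshold` shares to `PUT /v1/sys/unseal` and stopping as soon as Vault reports `sealed: false`. Assumptions not on the page: the container is started with `vault server -config=/vault/config/local.hcl` instead of the image's default dev command, the listener runs with `tls_disable = 1` because Traefik terminates TLS in the question's setup, and the shares come from the JSON printed by `vault operator init -format=json`. The `SimulatedVault` class and `SAMPLE_INIT_OUTPUT` are constructed stand-ins so the exchange can be run offline; the placeholder strings are not real shares or tokens.

```python
"""Added example: persistent `file` storage instead of `-dev`, plus a
threshold-aware unseal helper. Not code from the original post."""
import json
import urllib.request
from typing import Callable, Dict, List

VAULT_ADDR = "http://127.0.0.1:8200"  # same address as in the question's .env


def render_server_config(file_path: str = "/vault/file") -> str:
    """Build the server config that replaces the `-dev` flag.

    `/vault/file` is the path the question's compose file mounts from the
    `vault-file` volume, so secrets survive host restarts. `storage` is the
    current stanza name; the answer's `backend` spelling is the legacy form.
    """
    return (
        'storage "file" {\n'
        f'  path = "{file_path}"\n'
        "}\n\n"
        'listener "tcp" {\n'
        '  address     = "0.0.0.0:8200"\n'
        "  tls_disable = 1  # local test only; Traefik terminates TLS (assumption)\n"
        "}\n\n"
        f'api_addr = "{VAULT_ADDR}"\n'
        "ui = true\n"
    )


def shares_to_submit(init_output: Dict) -> List[str]:
    """Select exactly `unseal_threshold` shares from the init JSON.

    Sending more than the threshold is harmless to Vault, but every extra
    share handled here is one more secret exposed to this process.
    """
    threshold = int(init_output["unseal_threshold"])
    shares = list(init_output["unseal_keys_b64"])
    if threshold > len(shares):
        raise ValueError(f"need {threshold} shares, only {len(shares)} available")
    return shares[:threshold]


def http_put_json(url: str, body: Dict) -> Dict:
    """Minimal JSON PUT used against a real Vault; swapped for a stub offline."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PUT",
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def unseal(init_output: Dict, addr: str = VAULT_ADDR,
           send: Callable[[str, Dict], Dict] = http_put_json) -> Dict:
    """Feed shares to `PUT /v1/sys/unseal` until Vault reports `sealed: false`.

    Each response carries `progress` (shares accepted so far) and `t`
    (threshold); the loop stops at the first unsealed status.
    """
    status: Dict = {"sealed": True, "progress": 0}
    for share in shares_to_submit(init_output):
        status = send(f"{addr}/v1/sys/unseal", {"key": share})
        if not status.get("sealed", True):
            break
    return status


class SimulatedVault:
    """Constructed offline stand-in for the server side of the exchange.

    Mimics the observable behaviour of `/v1/sys/unseal`: progress counts
    accepted shares, resets when the threshold is met, and `sealed` flips.
    """

    def __init__(self, threshold: int, shares: int) -> None:
        self.t, self.n, self.progress, self.sealed = threshold, shares, 0, True
        self.calls = 0

    def __call__(self, url: str, body: Dict) -> Dict:
        assert url.endswith("/v1/sys/unseal") and body["key"]
        self.calls += 1
        if self.sealed:
            self.progress += 1
            if self.progress >= self.t:
                self.sealed, self.progress = False, 0
        return {"sealed": self.sealed, "t": self.t, "n": self.n,
                "progress": self.progress}


# Constructed sample in the shape of `vault operator init -format=json`
# (5 shares, threshold 3). Placeholder strings, not real shares or tokens.
SAMPLE_INIT_OUTPUT = {
    "unseal_keys_b64": [f"UNSEAL-SHARE-{i}-PLACEHOLDER" for i in range(1, 6)],
    "unseal_shares": 5,
    "unseal_threshold": 3,
    "root_token": "hvs.PLACEHOLDER-ROOT-TOKEN",
}

if __name__ == "__main__":
    print(render_server_config())
    print(unseal(SAMPLE_INIT_OUTPUT, send=SimulatedVault(threshold=3, shares=5)))
```

To use it with the question's compose file, write the rendered config into a volume mounted at `/vault/config` and set `command: server -config=/vault/config/local.hcl` on the service, since running the image with no arguments starts the dev server. Keep the init JSON, and in particular `root_token` and the shares, out of `.env` and out of container logs; the `VAULT_DEV_ROOT_TOKEN_ID` variable from the question no longer applies once `-dev` is gone.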