Show List

Running Hashicorp Vault on Docker

In this demo we are going to run the Hashicorp Vault locally by pulling the docker image.

Running Docker Image

1) Start the Docker desktop application. 
2) From the command line, run command "docker run -p 8200:8200 --name docker vault". This would start the vault server in dev mode:
C:\Users\mail2>docker run -p 8200:8200 --name docker vault
Unable to find image 'vault:latest' locally
latest: Pulling from library/vault
c7ed990a2339: Pull complete
bbfc3da2963f: Pull complete
afa164a81be5: Pull complete
67bcdccaa12c: Pull complete
96d703a9d985: Pull complete
Digest: sha256:403c4cdc39091f58dd804133b8f1f3cc933e1a3929bd64eab50443d4557e3ee8
Status: Downloaded newer image for vault:latest
Couldn't start vault with IPC_LOCK. Disabling IPC_LOCK, please use --cap-add IPC_LOCK
==> Vault server configuration:

             Api Address: http://0.0.0.0:8200
                     Cgo: disabled
         Cluster Address: https://0.0.0.0:8201
              Go Version: go1.19.3
              Listener 1: tcp (addr: "0.0.0.0:8200", cluster address: "0.0.0.0:8201", max_request_duration: "1m30s", max_request_size: "33554432", tls: "disabled")
               Log Level: info
                   Mlock: supported: true, enabled: false
           Recovery Mode: false
                 Storage: inmem
                 Version: Vault v1.12.2, built 2022-11-23T12:53:46Z
             Version Sha: 415e1fe3118eebd5df6cb60d13defdc01aa17b03

2022-12-25T17:31:12.787Z [INFO]  proxy environment: http_proxy="" https_proxy="" no_proxy=""
2022-12-25T17:31:12.787Z [WARN]  no `api_addr` value specified in config or in VAULT_API_ADDR; falling back to detection if possible, but this value should be manually set
2022-12-25T17:31:12.787Z [INFO]  core: Initializing version history cache for core
2022-12-25T17:31:12.788Z [INFO]  core: security barrier not initialized
2022-12-25T17:31:12.788Z [INFO]  core: security barrier initialized: stored=1 shares=1 threshold=1
2022-12-25T17:31:12.788Z [INFO]  core: post-unseal setup starting
2022-12-25T17:31:12.803Z [INFO]  core: loaded wrapping token key
2022-12-25T17:31:12.803Z [INFO]  core: Recorded vault version: vault version=1.12.2 upgrade time="2022-12-25 17:31:12.8035149 +0000 UTC" build date=2022-11-23T12:53:46Z
2022-12-25T17:31:12.803Z [INFO]  core: successfully setup plugin catalog: plugin-directory=""
2022-12-25T17:31:12.803Z [INFO]  core: no mounts; adding default mount table
2022-12-25T17:31:12.806Z [INFO]  core: successfully mounted backend: type=cubbyhole version="" path=cubbyhole/
2022-12-25T17:31:12.806Z [INFO]  core: successfully mounted backend: type=system version="" path=sys/
2022-12-25T17:31:12.807Z [INFO]  core: successfully mounted backend: type=identity version="" path=identity/
2022-12-25T17:31:12.809Z [INFO]  core: successfully enabled credential backend: type=token version="" path=token/ namespace="ID: root. Path: "
2022-12-25T17:31:12.809Z [INFO]  rollback: starting rollback manager
2022-12-25T17:31:12.809Z [INFO]  core: restoring leases
2022-12-25T17:31:12.811Z [INFO]  expiration: lease restore complete
2022-12-25T17:31:12.812Z [INFO]  identity: entities restored
2022-12-25T17:31:12.812Z [INFO]  identity: groups restored
2022-12-25T17:31:13.275Z [INFO]  core: post-unseal setup complete
2022-12-25T17:31:13.279Z [INFO]  core: root token generated
2022-12-25T17:31:13.279Z [INFO]  core: pre-seal teardown starting
2022-12-25T17:31:13.280Z [INFO]  rollback: stopping rollback manager
2022-12-25T17:31:13.280Z [INFO]  core: pre-seal teardown complete
2022-12-25T17:31:13.280Z [INFO]  core.cluster-listener.tcp: starting listener: listener_address=0.0.0.0:8201
2022-12-25T17:31:13.281Z [INFO]  core.cluster-listener: serving cluster requests: cluster_listen_address=[::]:8201
2022-12-25T17:31:13.281Z [INFO]  core: post-unseal setup starting
2022-12-25T17:31:13.281Z [INFO]  core: loaded wrapping token key
2022-12-25T17:31:13.281Z [INFO]  core: successfully setup plugin catalog: plugin-directory=""
2022-12-25T17:31:13.282Z [INFO]  core: successfully mounted backend: type=system version="" path=sys/
2022-12-25T17:31:13.282Z [INFO]  core: successfully mounted backend: type=identity version="" path=identity/
2022-12-25T17:31:13.282Z [INFO]  core: successfully mounted backend: type=cubbyhole version="" path=cubbyhole/
2022-12-25T17:31:13.283Z [INFO]  core: successfully enabled credential backend: type=token version="" path=token/ namespace="ID: root. Path: "
2022-12-25T17:31:13.283Z [INFO]  rollback: starting rollback manager
2022-12-25T17:31:13.283Z [INFO]  core: restoring leases
2022-12-25T17:31:13.283Z [INFO]  expiration: lease restore complete
2022-12-25T17:31:13.283Z [INFO]  identity: entities restored
2022-12-25T17:31:13.283Z [INFO]  identity: groups restored
2022-12-25T17:31:13.284Z [INFO]  core: post-unseal setup complete
2022-12-25T17:31:13.284Z [INFO]  core: vault is unsealed
2022-12-25T17:31:13.285Z [INFO]  core: successful mount: namespace="" path=secret/ type=kv version=""
==> Vault server started! Log data will stream in below:

2022-12-25T17:31:13.296Z [INFO]  secrets.kv.kv_58a54e5f: collecting keys to upgrade
2022-12-25T17:31:13.296Z [INFO]  secrets.kv.kv_58a54e5f: done collecting keys: num_keys=1
2022-12-25T17:31:13.296Z [INFO]  secrets.kv.kv_58a54e5f: upgrading keys finished
WARNING! dev mode is enabled! In this mode, Vault runs entirely in-memory
and starts unsealed with a single unseal key. The root token is already
authenticated to the CLI, so you can immediately begin using Vault.

You may need to set the following environment variables:

    $ export VAULT_ADDR='http://0.0.0.0:8200'

The unseal key and root token are displayed below in case you want to
seal/unseal the Vault or re-authenticate.

Unseal Key: nGE8a4RZbbV5uymAEMEUuAHorfMH79MJMdZSl9764bc=
Root Token: hvs.iWtKdqET3MmARqmaaXqDFLOe
3) Make a note of unseal key and root token above. 
4) The Vault UI can be assessed from url "http://localhost:8200/". Enter the token from above to login to Vault UI


    Leave a Comment


  • captcha text