feat(hashicorpvault): Use AWS KMS to unseal

fix(hashicorpvault): Typo
fix(hashicorpvault): Always restart
2025-02-04 00:52:28 +01:00 · 2025-01-29 01:25:53 +01:00 · 2025-01-29 01:23:50 +01:00 · 2025-01-26 18:07:36 +01:00
4 changed files with 21 additions and 4 deletions
--- a/README.md
+++ b/README.md
@@ -77,6 +77,14 @@ Create ZFS datasets and set permissions as needed.
    zfs create -p 'zpool/data/opt/docker-data/hashicorpvault-'"${CONTEXT}"'/data/file'
    zfs create -p 'zpool/data/opt/docker-data/hashicorpvault-'"${CONTEXT}"'/data/logs'
    ```
+    This results in a directory structure like so:
+    ```
+    /opt/docker-data/hashicorpvault-loft/
+    ├── config
+    └── data
+        ├── file
+        └── logs
+    ```

 ## Additional files

--- a/common-settings.yaml
+++ b/common-settings.yaml
@@ -8,4 +8,4 @@ services:
                max-size: "10m"
                max-file: "10"
                compress: "true"
-        restart: "${RESTARTPOLICY:-unless-stopped}"
+        restart: "${RESTARTPOLICY:-always}"
--- a/compose.yaml
+++ b/compose.yaml
@@ -12,7 +12,7 @@ services:
                soft: ${ULIMIT_NPROC:-65535}
                hard: ${ULIMIT_NPROC:-65535}
        extends:
-            file: common-settings.yml
+            file: common-settings.yaml
            service: common-settings
        ports:
            - "63961:8200"
@@ -25,6 +25,11 @@ services:
            VAULT_LOCAL_CONFIG: ${VAULT_LOCAL_CONFIG}
            VAULT_DEV_ROOT_TOKEN_ID: ${VAULT_DEV_ROOT_TOKEN_ID}
            VAULT_DEV_LISTEN_ADDRESS: ${VAULT_DEV_LISTEN_ADDRESS}
+            AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID:-}
+            AWS_REGION: ${AWS_REGION:-}
+            AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY:-}
+            VAULT_AWSKMS_SEAL_KEY_ID: ${VAULT_AWSKMS_SEAL_KEY_ID:-}
+            VAULT_SEAL_TYPE: ${VAULT_SEAL_TYPE:-}
        entrypoint: vault server -config=/vault/config/vault.hcl
 networks:
    # Variables are not supported in keys, only in values.
--- a/env/fqdn_context.env.example
+++ b/env/fqdn_context.env.example
@@ -8,12 +8,16 @@ HASHICORPVAULT_VERSION=latest
 VAULT_DEV_ROOT_TOKEN_ID=your-root-token-here
 VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:1234
 VAULT_LOCAL_CONFIG={"backend": {"file": {"path": "/vault/file"}}, "default_lease_ttl": "168h", "max_lease_ttl": "720h"}
-
+# AWS_ACCESS_KEY_ID=
+# AWS_REGION=
+# AWS_SECRET_ACCESS_KEY=
+# VAULT_AWSKMS_SEAL_KEY_ID=
+# VAULT_SEAL_TYPE=awskms


 # Feel free to leave defaults. They apply while these vars are commented out
 # ---
-# RESTARTPOLICY=unless-stopped
+# RESTARTPOLICY=always
 # TIMEZONE=Etc/UTC
Author	SHA1	Message	Date
hygienic-books	3fd08533fc	feat(hashicorpvault): Use AWS KMS to unseal	2025-02-04 00:52:28 +01:00
hygienic-books	3ee0e1fae6	fix(hashicorpvault): Typo	2025-01-29 01:25:53 +01:00
hygienic-books	57c2b55b17	fix(hashicorpvault): Always restart	2025-01-29 01:23:50 +01:00
hygienic-books	14810785bb	docs(hashicorpvault): Showcase dir structure	2025-01-26 18:07:36 +01:00