HashiCorp Developer AI Private beta now available Sign up today
HashiCorp Cloud Platform
HashiCorp Cloud Platform Home

Integrate with Docker

HCP Vault Secrets allows users to easily setup a secret store to retrieve secrets. This guide walks you through an example configuration to use the vlt CLI with a Docker container.

Prerequisites:

  • Docker installed
  • An Admin role in an HCP Project
  • An HCP Vault Secrets application and secret(s)

Service principal key

  1. Open your web browser and log into the HCP Portal.

  2. Click Access control (IAM) in the HCP Project of your choice.

  3. Click Service principals.

  4. Enter a name in the Service principal name textbox.

  5. Provide the "Viewer" role for reading secret values and click Create service principal.

  6. In the Keys pane, click Create service principal key.

  7. Copy the Client ID and Client secret. These values will be used later to run the Docker container.

  8. Click Vault Secrets and copy the name of the application you want to use with the Docker container.

Docker

  1. Create a Dockerfile.

    Example:

    FROM ubuntu
RUN apt update && apt install -y --no-install-recommends gpg curl lsb-release ca-certificates openssl
RUN curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
RUN echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list
RUN apt update && apt install vlt -y --no-install-recommends
RUN apt clean && rm -rf /var/lib/apt/lists/*

    This example builds a Ubuntu image with the CLI installed. Refer to the Install HCP Vault Secrets CLI tutorial for directions to install the CLI for additional operating systems.

  2. Build the image using the Dockerfile.

    $ docker build --tag ubuntu-with-vlt .

  3. Verify the image was created.

    $ docker image list | grep vlt
ubuntu-with-vlt       latest    37138f73e90b   17 hours ago   175MB

  4. Create a environment file with the values collected from the HCP Portal.

    Example:

    HCP_CLIENT_ID=client-id
HCP_CLIENT_SECRET=client-secret
VLT_APPLICATION_NAME=application-name

  5. Run the container.

    $ docker run --env-file vlt.env --volume $(pwd) \
  ubuntu-with-vlt vlt secrets >> secret-list.txt

    This example lists available secrets to demonstrate the CLI correctly reading the environment file.

  6. Verify the container was able to run the command successfully.

    $ cat secret-list.txt

    Example output:

    Name      Latest Version  Created At
url       2               2023-06-13T18:00:20.401Z
username  2               2023-06-09T13:14:28.140Z