actions/vault-action
2
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2026-05-13 13:25:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
vault-action/docker-compose.yml
hashicorp-copywrite[bot] a049f01838
[COMPLIANCE] Add/Update Copyright Headers (#605) 
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Srikrishna Iyer <srikrishna.iyer@hashicorp.com>
2026-05-12 19:03:34 +05:30

63 lines
2 KiB
YAML
Raw Blame History

# Copyright IBM Corp. 2019, 2026
# SPDX-License-Identifier: MIT
# Start vault server locally for the purposes of integration tests.
version: "3.0"
services:
vault:
image: hashicorp/vault:2.0.0
environment:
VAULT_DEV_ROOT_TOKEN_ID: testtoken
SKIP_SETCAP: "true"
VAULT_LOCAL_CONFIG: '{"disable_mlock": true}'
ports:
- 8200:8200
privileged: true
healthcheck:
test: ["CMD-SHELL", "VAULT_ADDR=http://127.0.0.1:8200 vault status"]
interval: 1s
timeout: 5s
retries: 5
vault-enterprise:
image: hashicorp/vault-enterprise:2.0-ent
environment:
VAULT_DEV_ROOT_TOKEN_ID: testtoken
VAULT_LICENSE: ${VAULT_LICENSE_CI}
SKIP_SETCAP: "true"
VAULT_LOCAL_CONFIG: '{"disable_mlock": true}'
ports:
- 8200:8200
privileged: true
healthcheck:
test: ["CMD-SHELL", "VAULT_ADDR=http://127.0.0.1:8200 vault status"]
interval: 1s
timeout: 5s
retries: 30
vault-tls:
image: hashicorp/vault:2.0.0
hostname: vault-tls
environment:
# Used by the vault CLI in the healthcheck to trust the CA
VAULT_CAPATH: /etc/vault/ca.crt
SKIP_SETCAP: "true"
VAULT_LOCAL_CONFIG: '{"disable_mlock": true}'
ports:
- 8200:8200
privileged: true
healthcheck:
# Exit 2 means sealed-but-running, which is acceptable during startup
test:
- CMD-SHELL
- |
export VAULT_ADDR=https://127.0.0.1:8200 VAULT_CACERT=/etc/vault/ca.crt VAULT_CLIENT_CERT=/etc/vault/client.crt VAULT_CLIENT_KEY=/etc/vault/client.key
vault status; s=$$?; [ $$s -eq 0 ] || [ $$s -eq 2 ]
interval: 1s
timeout: 5s
retries: 30
volumes:
# Certs generated by scripts/gen-tls-certs.sh into .build/certs/
- ${PWD}/.build/certs:/etc/vault
# tmpfs gives the non-root vault user write access without chown tricks;
# ephemeral storage is fine since tests always reinitialize vault from scratch
tmpfs: /var/lib/vault
entrypoint: vault server -config=/etc/vault/config.hcl
Reference in a new issue View git blame Copy permalink