jsok / docker-credential-vault

Docker credential helper to store credentials in HashiCorp Vault

docker-credential-vault

A Docker credential helper to store credentials in HashiCorp Vault.

Usage

  1. In your docker config (~/.docker/config.json typically), set:

    {
        "credsStore": "vault"
    }
  2. Ensure docker-credential-vault is in your $PATH.

  3. Decide which Vault KV backend (both v1 and v2 are supported) and the path t

  4. export DOCKER_CREDENTIAL_VAULT_KV_PATH=secret/path/to/use: This is a KV backend (both v1 and v2 are supported) path where the helper will store and look for credentials.

  5. Configure how the helper will connect to Vault. All the standard $VAULT_ environment variables will be used to configure the Vault client, e.g. $VAULT_ADDR and $VAULT_TOKEN will be required at a minimum.

Internals

The helper stores credentials in the following format. For example, if the server URL is https://example.com:8080:

vault kv get -format=json $DOCKER_CREDENTIAL_VAULT_KV_PATH/example.com will return:

{
  "request_id": "89ec7fd0-be41-2e85-7c79-1b16199a3d7b",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "data": {
      "Secret": "s3cr3t",
      "ServerURL": "https://example.com",
      "Username": "docker"
    },
    "metadata": {"redacted": "metadata"}
  },
  "warnings": null
}
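
As an added example (not the project's own code), the Go program below reads `vault kv get -format=json` output in the shape shown above and extracts the three stored fields, accepting both the nested KV v2 layout and the flat KV v1 layout. ParseKVOutput, Credentials and both sample strings are names and inputs constructed for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Credentials holds the three fields the README shows in the stored secret.
type Credentials struct{ ServerURL, Username, Secret string }

// Constructed samples: KV v2 nests fields under data.data; KV v1 puts them directly under data.
const sampleV2 = `{"data":{"data":{"Secret":"s3cr3t","ServerURL":"https://example.com","Username":"docker"},"metadata":{"version":1}}}`
const sampleV1 = `{"data":{"Secret":"s3cr3t","ServerURL":"https://example.com","Username":"docker"}}`

// ParseKVOutput (hypothetical helper, not the project's API) handles either KV version.
func ParseKVOutput(raw []byte) (Credentials, error) {
	var resp struct {
		Data map[string]json.RawMessage `json:"data"`
	}
	if err := json.Unmarshal(raw, &resp); err != nil {
		return Credentials{}, fmt.Errorf("decode response: %w", err)
	}
	fields := resp.Data
	if inner, ok := resp.Data["data"]; ok {
		if _, v2 := resp.Data["metadata"]; v2 { // inner data beside metadata: KV v2 envelope
			fields = nil // a deleted v2 version has "data": null and stays empty
			if err := json.Unmarshal(inner, &fields); err != nil {
				return Credentials{}, fmt.Errorf("decode v2 data: %w", err)
			}
		}
	}
	get := func(key string) string {
		var s string
		_ = json.Unmarshal(fields[key], &s) // absent or non-string stays ""
		return s
	}
	c := Credentials{get("ServerURL"), get("Username"), get("Secret")}
	if c.ServerURL == "" || c.Username == "" || c.Secret == "" {
		return Credentials{}, fmt.Errorf("secret lacks ServerURL, Username or Secret")
	}
	return c, nil
}

func main() {
	for _, s := range []string{sampleV2, sampleV1} {
		c, err := ParseKVOutput([]byte(s))
		fmt.Println(c.ServerURL, c.Username, err) // the Secret is deliberately not printed
	}
}
```

The Secret field is stored as a plain KV value, so any Vault token with read access to the configured path can retrieve it.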

Languages

Go 98.7%, Makefile 1.3%