Vault Server Image
The image is available on cgr.dev:
The Chainguard Vault image contains the Vault server binary and supporting config. The image is intended to be a drop-in replacement for the upstream hashicorp/vault or vault images and compatible with the Hashicorp Helm chart.
The default entrypoint starts a single-node instance of the server in development mode for testing and development. Note that the container should be given the IPC_LOCK capability.
You can start the container with:
To configure Vault for production or other environments, supply a configuration file in the /etc/vault directory, e.g.:
You can also supply config via the VAULT_LOCAL_CONFIG variable, e.g.:
This image and the vault-k8s image can be used with the Hashicorp Helm chart. To replace the official images with the Chainguard images, provide the chart with the following values:
Assuming these values are saved in cgr_values.yaml, you should be able to run:
If you run the container without the IPC_LOCK capability, you will get the following warning:
IPC_LOCK is required for the memory lock (mlock) feature, which prevents memory, possibly containing sensitive information, from being written to disk. For a full explanation of how it works, refer to the documentation.
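To confirm whether a Vault process actually holds the capability the warning refers to, the capability masks in /proc/<pid>/status can be decoded. The following is an added example, not part of the Chainguard documentation; the function names and the sample mask values are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether CAP_IPC_LOCK appears in a process's capability sets.
CAP_IPC_LOCK_BIT=14   # CAP_IPC_LOCK is capability number 14 in linux/capability.h

# mask_has_ipc_lock HEX -> 0 if bit 14 is set, 1 if clear, 2 if HEX is not a hex mask
mask_has_ipc_lock() {
    case "$1" in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    [ $(( (0x$1 >> $CAP_IPC_LOCK_BIT) & 1 )) -eq 1 ]
}

# status_mask FIELD FILE -> prints the hex mask for FIELD (CapBnd, CapPrm, CapEff)
status_mask() {
    awk -v f="$1:" '$1 == f { print $2 }' "$2"
}

# ipc_lock_report FILE -> one line such as "CapBnd=yes CapPrm=no CapEff=no"
# CapBnd reflects what the container runtime allowed; CapEff is what the
# inspected process can use right now.
ipc_lock_report() {
    out=""
    for field in CapBnd CapPrm CapEff; do
        mask=$(status_mask "$field" "$1")
        if mask_has_ipc_lock "$mask"; then state=yes
        elif [ $? -eq 1 ]; then state=no
        else state=unknown; fi
        out="$out$field=$state "
    done
    printf '%s\n' "${out% }"
}

# Constructed sample: status excerpt for a process whose container was started
# without IPC_LOCK (the masks are illustrative values, not captured output).
sample=$(mktemp)
printf 'Name:\tvault\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\nCapBnd:\t00000000a80425fb\n' > "$sample"
ipc_lock_report "$sample"
rm -f "$sample"
```

On a live host, pass the status file of the Vault process instead of the sample, for example `ipc_lock_report /proc/<pid>/status`.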
The error can be easily fixed by running:
Or by using the following securityContext in Kubernetes:
The image starts as root and switches to the lower-privileged vault user in the entrypoint script.
This image is not identical to the hashicorp/vault image. In particular:
/etc/vault
/var/lib/vault
/var/log/vault
/usr/bin
This image supports the same environment variables as the hashicorp/vault image.
If using the file data storage plugin, please configure it to write to /var/lib/vault.
By default, logs are streamed to stdout and stderr, but Vault can be configured to write them to /var/log/vault.
Chainguard Images contain software packages that are direct or transitive dependencies. The following licenses were found in the "latest" version of this image:
Apache-2.0
BSD-3-Clause
BUSL-1.1
GPL-2.0-only
GPL-2.0-or-later
LGPL-2.1-or-later
MIT
For a complete list of licenses, please refer to this Image's SBOM.
This is a FIPS validated image for FedRAMP compliance.
This image is STIG hardened and scanned against the DISA General Purpose Operating System SRG with reports available.
© 2024 Chainguard, Inc.