docker pull cgr.dev/chainguard/vault
Need access to a specific version? Contact us.
Get notified of upcoming product changes, critical vulnerability notifications and patches and more.
Sign inVault Server Image
The image is available on cgr.dev
:
The Chainguard Vault image contains the Vault server binary and supporting config. The image is intended to be a drop-in replacement for the upstream hashicorp/vault or vault images and compatible with the Hashicorp Helm chart.
The default entrypoint starts a single-node instance of the server in development mode for testing
and development. Note that the container should be given the IPC_LOCK
capability.
You can start the container with:
To configure Vault for production or other environments, supply a configuration file in the /etc/vault
directory e.g:
You can also supply config via the VAULT_LOCAL_CONFIG
variable e.g:
This image and the vault-k8s image can be used with the Hashicorp Helm chart. To replace the official images with the Chainguard images, provide the chart with the following values:
Assuming these values are saved in cgr_values.yaml
, you should be able to run:
If you run the container without IPC_LOCK
capabilitiy, you will get the following warning:
IPC_LOCK
is required for the memory lock (mlock) feature that prevents memory -- possibly containing sensitive information -- being written to disk. For a full explanation of how it works, refer to the documentation.
The error can be easily fixed by running:
Or by using the following securityContext
in Kubernetes:
The image starts as root and switches to the lower privileged vault
user in the entrypoint
script.
This image is not identical to the hashicorp/vault image. In particular:
/etc/vault
/var/lib/vault
/var/log/vault
/usr/bin
This image supports the same environment variables as the hashicorp/vault image.
If using the file data storage plugin, please configure it to write to /var/lib/vault
.
By default logs will be streamed to stdout and stderr, but can be configured to write to
/var/log/vault
.
Chainguard Images contain software packages that are direct or transitive dependencies. The following licenses were found in the "latest" version of this image:
BSD-3-Clause
BUSL-1.1
GPL-2.0-only
GPL-2.0-or-later
LGPL-2.1-or-later
MIT
MPL-2.0
For a complete list of licenses, please refer to this Image's SBOM.
Software license agreementProducts
Chainguard Images© 2024 Chainguard, Inc.