Install Vault in docker image
To install the vault
client in a docker image, we can follow the Official Vault install documentation.
However, this throws an error of operation not permitted
when trying to run the vault client. This is due to vault trying to lock memory to prevent sensitive values being swapped to disk. This is a Reported Issue and also mentioned on Vault docker hub.
We can overcome this by running the container with --cap-add
flag:
docker run --cap-add=IPC_LOCK -d --name=dev-vault mycustomimage vault
However, this is not required if using Raft integrated storage
.
To resolve the issue, we can instead use a multistage build to copy the vault binary into the image rather than installing via package manager.
An example Dockerfile:
FROM hashicorp/vault:1.18 as vaultsource
FROM ubuntu:22.04 as base
COPY --from=vaultsource /bin/vault /usr/local/bin/vault
Using the above, we can create a custom image with a vault CLI that doesn’t throw an operation not permitted error.