Howto unseal vault server, running in a docker container
Solution 1:
In order to unseal a vault-in-a-container using official source vault image I would initiate the vault container with:
vm# docker run -it --cap-add IPC_LOCK -p 8200:8200 -p 8215:8125 --name vault --volume /my/vault:/my/vault vault server -config=/my/vault/vaultCfg.hcl
where the vm is running 1.12.4 docker engine and the vault hcl config lists:
backend "consul" {
address = "myconsul.com:8500"
path = "vault"
}
listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = 1
}
and then on the same docker host:
vm# VAULT_ADDR=http://myvault.com:8200
vm# docker exec -it vault vault "$@" init -address=${VAULT_ADDR}
And expect output like:
2016/12/11 10:21:10.628736 [WARN ] physical/consul: appending trailing forward slash to path
2016/12/11 12:09:12.117238 [INFO ] core: security barrier not initialized
2016/12/11 12:09:12.136037 [INFO ] core: security barrier initialized: shares=5 threshold=3
2016/12/11 12:09:12.169987 [INFO ] core: post-unseal setup starting
2016/12/11 12:09:12.181963 [INFO ] core: successfully mounted backend: type=generic path=secret/
2016/12/11 12:09:12.181990 [INFO ] core: successfully mounted backend: type=cubbyhole path=cubbyhole/
2016/12/11 12:09:12.182057 [INFO ] core: successfully mounted backend: type=system path=sys/
2016/12/11 12:09:12.182156 [INFO ] rollback: starting rollback manager
2016/12/11 12:09:12.218527 [INFO ] core: post-unseal setup complete
2016/12/11 12:09:12.218733 [INFO ] core/startClusterListener: starting listener
2016/12/11 12:09:12.218899 [INFO ] core/startClusterListener: serving cluster requests: cluster_listen_address=[::]:8201
2016/12/11 12:09:12.228888 [INFO ] core: root token generated
2016/12/11 12:09:12.228905 [INFO ] core: pre-seal teardown starting
2016/12/11 12:09:12.228911 [INFO ] core/stopClusterListener: stopping listeners
2016/12/11 12:09:12.228921 [INFO ] core/startClusterListener: shutting down listeners
2016/12/11 12:09:12.724179 [INFO ] core/startClusterListener: listeners successfully shut down
2016/12/11 12:09:12.724209 [INFO ] core/stopClusterListener: success
2016/12/11 12:09:12.724225 [INFO ] rollback: stopping rollback manager
2016/12/11 12:09:12.724250 [INFO ] core: pre-seal teardown complete
This link may help. Requires working Internet connection for docker run