Vault Kurulumu ve Yapılandırması
Vault Container Kurulumu
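# Create the Vault config and data directories.
# -Force makes the step safe to re-run: an existing directory is not an error.
# NOTE(review): C:\HashiCorp\vault\file ends up holding init-keys.txt (the unseal key and the
# root token in plain text) next to the encrypted data. Restrict the directory's ACL to the
# account that operates Vault.
New-Item -ItemType Directory -Force -Path 'C:\HashiCorp\vault\config' | Out-Null
New-Item -ItemType Directory -Force -Path 'C:\HashiCorp\vault\file' | Out-Null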
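# Create vault-entrypoint.sh.
# The here-string is single-quoted (@' ... '@) so PowerShell writes the script literally.
# With @" ... "@ PowerShell itself expands $VAULT_UNSEAL_KEY, $VAULT_ROOT_TOKEN and the
# $(...) command substitutions on the host, and the file written to disk no longer contains them.
$entrypoint = @'
#!/bin/sh
set -e

# Files created below hold the unseal key and the root token; keep them owner-only.
# NOTE(review): mode bits may not be enforced on a Windows bind mount - restrict the
# ACL of the host directory as well.
umask 077

# Address used by the vault CLI calls in this script: loopback inside the container,
# not the 0.0.0.0 bind wildcard.
export VAULT_ADDR=http://127.0.0.1:8200
KEYS_FILE=/vault/file/init-keys.txt
INIT_MARKER=/vault/file/.vault-init

vault server -config=/vault/config/config.hcl &

# Wait until the API answers instead of relying on a fixed sleep.
# vault status exits 0 when unsealed, 2 when sealed and 1 on error (not reachable yet).
tries=0
while :; do
  rc=0
  vault status >/dev/null 2>&1 || rc=$?
  if [ "$rc" -ne 1 ]; then
    break
  fi
  tries=$((tries + 1))
  if [ "$tries" -ge 30 ]; then
    echo "Vault did not become reachable in time" >&2
    exit 1
  fi
  sleep 1
done

if [ ! -f "$INIT_MARKER" ]; then
  if [ ! -s "$KEYS_FILE" ]; then
    # Write to a temporary file first. Redirecting straight into the key file would
    # truncate it when init is retried after a partial first run, and the only copy
    # of the unseal key would be lost.
    # One key share with threshold 1, stored beside the data, is a development
    # convenience: whoever can read this directory can unseal Vault and act as root.
    vault operator init -key-shares=1 -key-threshold=1 > "$KEYS_FILE.tmp"
    mv "$KEYS_FILE.tmp" "$KEYS_FILE"
  fi
  VAULT_UNSEAL_KEY=$(grep "Unseal Key 1" "$KEYS_FILE" | cut -d' ' -f4)
  vault operator unseal "$VAULT_UNSEAL_KEY"
  # The CLI authenticates with VAULT_TOKEN. "vault auth <token>" is not a valid
  # command in current Vault releases and would abort the script under set -e.
  VAULT_TOKEN=$(grep "Initial Root Token" "$KEYS_FILE" | cut -d' ' -f4)
  export VAULT_TOKEN
  vault secrets enable -path=serender kv-v2
  unset VAULT_TOKEN
  touch "$INIT_MARKER"
  # Do not print the token itself: container logs are kept by the Docker log driver
  # and are often forwarded to other systems.
  echo "Vault initialized; the root token is stored in $KEYS_FILE"
else
  VAULT_UNSEAL_KEY=$(grep "Unseal Key 1" "$KEYS_FILE" | cut -d' ' -f4)
  vault operator unseal "$VAULT_UNSEAL_KEY"
  echo "Vault unsealed"
fi
wait
'@
# Write the script with LF line endings. Here-string line breaks follow the source they were
# typed or loaded from and may be CRLF; sh treats the trailing carriage return as part of
# each command.
$entrypoint = ($entrypoint -replace "`r`n", "`n") + "`n"
[System.IO.File]::WriteAllText('C:\HashiCorp\vault\config\vault-entrypoint.sh', $entrypoint, [System.Text.Encoding]::ASCII)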
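# Create config.hcl.
# Single-quoted here-string: the content is written literally, PowerShell expands nothing in it.
@'
storage "file" {
  path = "/vault/file"
}

listener "tcp" {
  address = "0.0.0.0:8200"
  # TLS is off: tokens and secrets cross this listener in clear text.
  # Acceptable only while the port is reachable from the local machine alone;
  # configure tls_cert_file / tls_key_file before exposing it to a network.
  tls_disable = 1
}

ui = true

# With mlock disabled, Vault's memory (including decrypted secrets) may be swapped to disk.
disable_mlock = true

# Address advertised to clients. 0.0.0.0 is a bind wildcard, not a reachable address;
# use the address clients actually connect to.
api_addr = "http://127.0.0.1:8200"
'@ | Out-File -FilePath "C:\HashiCorp\vault\config\config.hcl" -Encoding ASCII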
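# Start the Vault container.
# - The port is published on the host's loopback interface only. The listener in config.hcl has
#   TLS disabled, so publishing on every interface (-p 8200:8200) would expose tokens and secrets
#   in clear text to the network. Widen the binding only after TLS is enabled on the listener.
# - hashicorp/vault:latest is a floating tag; pin a specific version tag or image digest so a
#   re-pull cannot silently change the Vault version.
# - NOTE(review): IPC_LOCK is only needed for mlock, which config.hcl disables
#   (disable_mlock = true). Either drop the capability or enable mlock.
docker run --name serender_vault `
-p 127.0.0.1:8200:8200 `
-v C:\HashiCorp\vault\file:/vault/file `
-v C:\HashiCorp\vault\config:/vault/config `
--cap-add=IPC_LOCK `
-d hashicorp/vault:latest `
sh /vault/config/vault-entrypoint.sh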
Vault Token'ını Alma
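# Read the root token from the init output on the bind-mounted data directory.
# This does not depend on what the container logged, and it still works after the container
# has been removed and recreated (its logs are gone, init-keys.txt is not).
# The root token has unrestricted access: use it for initial setup, create scoped tokens and
# policies for applications, and revoke it when setup is finished.
Select-String -Path 'C:\HashiCorp\vault\file\init-keys.txt' -Pattern 'Initial Root Token'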