HashiCorp Cloud Platform
Integrate with Docker
HCP Vault Secrets allows users to easily set up a secret store to retrieve secrets. This guide walks you through an example configuration to use the HCP CLI with a Docker container.
Prerequisites:
- Docker installed
- An Admin role in an HCP Project
- An HCP Vault Secrets application and secret(s)
Service principal key
Open your web browser and log into the HCP Portal.
Click Access control (IAM) in the HCP Project of your choice.
Click Service principals.
Enter a name in the Service principal name textbox.
Provide the "Viewer" role for reading secret values and click Create service principal.
In the Keys pane, click Create service principal key.
Copy the Client ID and Client secret. These values will be used later to run the Docker container.
Click Vault Secrets and copy the name of the application you want to use with the Docker container.
Docker
Create an environment file with the values collected from the HCP Portal.
Example:
HCP_CLIENT_ID=client-id
HCP_CLIENT_SECRET=client-secret
Run the container. Replace the value of the --app flag with the name of your application in HCP Vault Secrets.
$ docker run --env-file vault-secrets.env --volume $(pwd) \
    hashicorp/hcp hcp vs secrets list --app=sample-app >> secret-list.txt
This example lists available secrets to demonstrate the CLI correctly reading the environment file.
Verify the container was able to run the command successfully.
$ cat secret-list.txt
Example output:
Secret Name        Latest Version  Created At
api_token          1               2024-06-12T18:18:46.427Z
db_name            1               2024-06-12T18:18:36.432Z
my_super_secret_1  1               2024-06-12T18:17:53.392Z
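The environment file holds the service principal's client secret, and docker run --env-file reads each line literally. As an added example (not part of the original guide or of HashiCorp's tooling), the following shell functions write the file with owner-only permissions and check it before the container is run; the function names write_env_file and check_env_file are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for the file passed to `docker run --env-file`.
# write_env_file and check_env_file are hypothetical helper names.

# Usage: write_env_file <path> <client-id> <client-secret>
# Creates the file readable and writable by the owner only.
write_env_file() {
    (
        umask 077
        printf 'HCP_CLIENT_ID=%s\nHCP_CLIENT_SECRET=%s\n' "$2" "$3" > "$1"
        chmod 600 "$1"   # also tightens a file that already existed
    )
}

# Usage: check_env_file <path>
# Returns 0 if usable, 1 missing file, 2 loose permissions,
# 3 missing or empty key, 4 quoted value.
check_env_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }

    # Characters 5-10 of the `ls -l` mode string are the group/other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$f is accessible to group/other" >&2; return 2; }

    for key in HCP_CLIENT_ID HCP_CLIENT_SECRET; do
        # Lines must be plain KEY=VALUE: no `export` prefix, no space before `=`.
        line=$(grep -E "^${key}=" "$f" | tail -n 1)
        [ -n "$line" ] || { echo "$key not set in $f" >&2; return 3; }
        value=${line#*=}
        [ -n "$value" ] || { echo "$key is empty in $f" >&2; return 3; }
        # --env-file does not strip quotes; they would become part of the credential.
        case $value in
            \"*|\'*|*\"|*\') echo "$key value is quoted in $f" >&2; return 4 ;;
        esac
    done
    return 0
}
```

Run check_env_file vault-secrets.env before the docker run command; a non-zero return code identifies which condition to fix first.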