Can't mount TLS certificate into Vault container using only Docker

I’m new to both Vault and Docker. I was working with Vault with Transport Layer Security disabled; now I want to activate it to be able to query Vault over HTTPS. I generated self-signed certificates using OpenSSL with this command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365

You can find the explanation here on Stack.

As explained in a HashiCorp Vault Discussion, volumes must be mounted from local into the container.

First, I created a Docker volume and manually copied the certificates inside that volume:

docker volume create vault-volume

I found in the documentation that adding --mount source=vault-volume,target=path_inside_the_container is likely to help, so here is my command:

sudo docker run --rm --name hashicorp_vault --mount source=vault-volume,target=/vault/certs \
  --cap-add=IPC_LOCK -e VAULT_ADDR=http://0.0.0.0:8200 \
  -e 'VAULT_LOCAL_CONFIG=$config_placeholder' \
  vault

Configuration placeholder

{
  "backend": {
    "file": {
      "path": "/vault/file"
    }
  },
  "listener": [{
    "tcp": {
      "address": "0.0.0.0:8201",
      "tls_disable": "0",
      "tls_cert_file": "/vault/certs/cert.pem",
      "tls_key_file": "/vault/certs/key.pem"
    }
  }],
  "api_addr": "http://0.0.0.0:8200",
  "cluster_addr": "https://0.0.0.0:8201",
  "ui": "true"
}

Now I get this error:

Error initializing listener of type tcp: error loading TLS cert: open /vault/certs/cert.pem: no such file or directory

The container doesn’t know about the directory, but as I understood it, since I have mounted it, it will create it for me.

I’m missing something here. I’d appreciate any helpful explanation and a solution.

Shell into the instance and check the volume; most likely it’s a permission problem. Either the owner or the permissions of the files in the cert mount are wrong.

What should be the permissions of the files? Is there any way to mount the volume when the container is running?

Whatever the vault user is must have read permission on the file and read and execute permission over the directory.
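
The permission rule from the last reply, written as a check over the certificate directory; this is an added example and not part of the thread. It assumes GNU stat, judges access from owner and mode bits only (no ACLs or supplementary groups), and takes the uid and gid as arguments, for instance the values `id vault` reports inside the container.

```shell
#!/bin/sh
# Added example. Usage from a shell inside the container:
#   check_vault_certs /vault/certs <vault uid> <vault gid>

# has_bits PATH UID GID NEED: succeed if UID/GID holds every permission bit in
# NEED (4 = read, 5 = read + execute) on PATH. Returns 2 if PATH is missing.
has_bits() {
    hb_path=$1 hb_uid=$2 hb_gid=$3 hb_need=$4
    [ -e "$hb_path" ] || return 2
    set -- $(stat -c '%u %g %a' "$hb_path")   # owner uid, group gid, octal mode
    hb_mode=$((0$3))
    if [ "$hb_uid" -eq "$1" ]; then
        hb_bits=$(( (hb_mode >> 6) & 7 ))     # owner class applies
    elif [ "$hb_gid" -eq "$2" ]; then
        hb_bits=$(( (hb_mode >> 3) & 7 ))     # group class applies
    else
        hb_bits=$(( hb_mode & 7 ))            # everyone else
    fi
    [ $(( hb_bits & hb_need )) -eq "$hb_need" ]
}

# check_vault_certs DIR UID GID: the directory needs read + execute, and
# cert.pem and key.pem (the names used in the listener config) need read.
check_vault_certs() {
    cv_dir=$1 cv_uid=$2 cv_gid=$3 cv_rc=0
    if has_bits "$cv_dir" "$cv_uid" "$cv_gid" 5; then
        echo "ok    $cv_dir (directory: read + execute)"
    else
        echo "FAIL  $cv_dir (directory missing, or no read + execute)"; cv_rc=1
    fi
    for cv_f in cert.pem key.pem; do
        if has_bits "$cv_dir/$cv_f" "$cv_uid" "$cv_gid" 4; then
            echo "ok    $cv_dir/$cv_f (read)"
        elif [ ! -e "$cv_dir/$cv_f" ]; then
            echo "FAIL  $cv_dir/$cv_f is missing"; cv_rc=1
        else
            echo "FAIL  $cv_dir/$cv_f not readable by uid $cv_uid"; cv_rc=1
        fi
    done
    return "$cv_rc"
}
```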