Hi all, I’m very new to Vault. I’m trying to add LDAP authentication to config.hcl, but can’t figure out how to do it. I’m trying to make it so LDAP is preconfigured when the Docker container starts so I don’t have to log in and manually configure it via the web interface each time the Docker container starts.
For example, I’d like to have the following equivalent done when the Docker container starts:
You cannot configure internals in the vault config file.
Though once it is configured, that config will persist in the Vault data storage. So this gives you a few options:
Map the storage on a host volume (or equivalent). When you restart you will still need to go through the unseal operation.
Have a sidecar container that will do those operations - init, unseal, config on startup.
For a dev container, build a wrapper for the start script that does this on startup. The dev image stores everything in memory, so on a restart you lose everything.
There may be others, but these are the ones I can think of off the bat.
You need a script that runs the vault commands to enable and configure LDAP authentication. This script will be placed in your Docker container, and it will run once Vault is started.
Example ldap_setup.sh script:
```sh
#!/bin/sh
# Wait for Vault to be ready (unsealed and initialized)
# Optionally wait or check Vault status until it’s ready
vault status
```
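The startup script the replies above describe, written out as an added example (not code from any poster in this thread): it waits for Vault to be unsealed, enables the LDAP method only if it is missing, and reads the bind password from a mounted file. The `LDAP_*` variables, their placeholder values and `WAIT_INTERVAL` are assumptions; `VAULT_ADDR` and a `VAULT_TOKEN` allowed to manage auth methods must already be set.

```shell
#!/bin/sh
# Added example: idempotent LDAP auth bootstrap for Vault.
# Assumed names (not from the thread): LDAP_URL, LDAP_USERDN, LDAP_BINDDN,
# LDAP_BINDPASS_FILE, WAIT_INTERVAL and all example.com values.

# "vault status" exit codes: 0 = unsealed, 2 = sealed, 1 = error/unreachable.
wait_for_vault() {
    tries=${1:-30}
    rc=1
    while [ "$tries" -gt 0 ]; do
        rc=0
        vault status >/dev/null 2>&1 || rc=$?
        [ "$rc" -eq 0 ] && return 0
        tries=$((tries - 1))
        sleep "${WAIT_INTERVAL:-2}"
    done
    return "$rc"   # 2: still sealed, 1: never reachable
}

# Enable the ldap method only if it is not already mounted, so a restart
# against persistent storage does not fail on "path is already in use".
enable_ldap() {
    if vault auth list 2>/dev/null | grep -q '^ldap/'; then
        return 0
    fi
    vault auth enable ldap
}

configure_ldap() {
    # bindpass=@file makes the CLI read the value from the file, so the
    # password never appears in argv or the environment. Assumption: the
    # file holds the password with no trailing newline.
    vault write auth/ldap/config \
        url="${LDAP_URL:-ldaps://ldap.example.com}" \
        userdn="${LDAP_USERDN:-ou=Users,dc=example,dc=com}" \
        binddn="${LDAP_BINDDN:-cn=vault,ou=Users,dc=example,dc=com}" \
        bindpass=@"${LDAP_BINDPASS_FILE:-/run/secrets/ldap_bindpass}"
}

main() {
    wait_for_vault 30 || { echo "vault not ready (status exit $?)" >&2; return 1; }
    enable_ldap && configure_ldap
}

# Run only when invoked as "ldap_setup.sh run", so the file can also be sourced.
if [ "${1:-}" = "run" ]; then main; fi
```

Mount the bind password as a runtime secret rather than copying it into the image, and give the token used here only the policy needed for `sys/auth` and `auth/ldap/config`.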