Unseal Vault running in Docker container

I’m very new to Vault. I’m trying to figure out how to capture the unseal keys and root id from the Vault container upon startup. I would like to do this without using something like AWS KMS. I have looked at lots of documentation. Any help will be greatly appreciated.

docker exec -it <your-container-id-or-name> vault operator init

Thank you for your response. It seems that the vault server comes up already initialized.

Hi @ngriebling!

By default, Vault will be started in -dev mode inside a docker container which basically means that Vault stores all its data in-memory and uses the default test configuration. This is useful for testing purposes but it is highly recommended to not use the dev-mode for production setups.

I recommend to have a look at the configuration docs: https://www.vaultproject.io/docs/configuration/
After you’ve setup your desired configuration for Vault, you can mount your configuration into your Vault docker container and signal Vault to use this configuration instead of the default one.

For example:

docker run --cap-add=IPC_LOCK -v LOCAL_PATH_TO_CONFIG/vault.hcl:/root/vault.hcl vault server -config=/root/vault.hcl

This will start a Vault docker container with your configuration which is not initialized on bootstrap.


Thank you, Michel. It turns out that I was missing a setting in my config.hcl file. Things are working well. Appreciate your reply.