docker-compose.yml

# Important: We should avoid exposing any ports between `20000` and `36384`
# see here for reasons why: https://github.com/logrhythm/boreas/tree/master/documentation/troubleshooting
version: "3.7"

volumes:
  vault_data: {}
  vault_unseal: {}

networks:
  default:
    ipam:
      driver: default
      config:
        - subnet: 172.28.0.0/16

services:
  vault:
    image: vault:1.5.3
    restart: always
    environment:
      VAULT_DEV_ROOT_TOKEN_ID: "myroot"
      VAULT_ADDR: "http://127.0.0.1:8200"
      VAULT_SUPPLEMENTAL_CONFIG: '{"ui":true, "listener": {"tcp":{"address": "0.0.0.0:8200", "tls_disable": 1}}}'
      VAULT_LOCAL_CONFIG: '{"backend": {"file": {"path": "/vault/file"}}, "default_lease_ttl": "168h", "max_lease_ttl": "720h"}'
    command: [ 'vault', 'server', '-config=/vault/config' ]
    ports:
      - "8200:8200"
    cap_add:
      - IPC_LOCK # this is required in order for Vault to lock memory, which prevents it from being swapped to disk
    volumes:
      - vault_data:/vault/file
      - vault_unseal:/vault/unseal
      - ./vault/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh
    networks:
      default:
        ipv4_address: 172.28.1.46