vault
Securely storing and accessing secrets, tokens, certificates, and other sensitive data.
What is vault
The vault image provides HashiCorp Vault, a tool for securely storing and accessing secrets, tokens, certificates, and other sensitive data. Vault enables centralized secret management through APIs and CLI access, with strong encryption, identity-based access controls, and audit logging.
This image packages the Vault server, which can be run in standalone mode for development or as a cluster in production with support for storage backends like Consul, integrated storage, or cloud-managed services. It’s commonly used to inject secrets into applications, manage dynamic credentials (e.g. database access), and facilitate secure service-to-service communication.
The vault image is used by security teams and platform engineers to implement secret management across distributed infrastructure, especially in Kubernetes and CI/CD pipelines.
How to use this image
The vault image runs the Vault server binary and supports both development and production modes.
Run Vault in development mode (ephemeral, in-memory):
This starts Vault with a known root token (root) and stores data in memory only. Ideal for local testing.
Use the Vault CLI inside a container:
Run with persistent storage (e.g. file backend):
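An added example (not from the original page or from HashiCorp) of a persistent-storage run: it refuses an unpinned tag and prints a `docker run` line that passes a file-backend configuration through `VAULT_LOCAL_CONFIG`. The volume name `vault-file`, the loopback-only port binding and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: pin the image tag and start Vault with the file storage backend.
# Assumptions (not from the page): the vault-file volume name, the /vault/file
# data path, the loopback port binding and all function names below.

VAULT_TAG="${VAULT_TAG:-1.14.4}"   # release tag taken from the page's tag examples

# Succeeds only for an explicit x.y.z release tag; rejects "latest" and empty tags.
is_pinned_tag() {
  case "$1" in
    ''|latest) return 1 ;;
  esac
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# Server configuration handed to the container through VAULT_LOCAL_CONFIG:
# file storage plus a TCP listener on 8200. tls_disable is for local testing
# only, which is why the port is published on 127.0.0.1 below.
vault_local_config() {
  printf '%s' '{"storage":{"file":{"path":"/vault/file"}},"listener":[{"tcp":{"address":"0.0.0.0:8200","tls_disable":true}}],"ui":true}'
}

# Print the docker command instead of running it, so it can be reviewed first.
vault_run_command() {
  is_pinned_tag "$1" || { echo "refusing unpinned tag: '$1'" >&2; return 1; }
  printf "docker run -d --name vault --cap-add=IPC_LOCK -p 127.0.0.1:8200:8200 -v vault-file:/vault/file -e 'VAULT_LOCAL_CONFIG=%s' hashicorp/vault:%s server\n" \
    "$(vault_local_config)" "$1"
}

vault_run_command "$VAULT_TAG"
```

Pipe the printed line to `sh` to start the container. A file-backed server comes up uninitialized and sealed, so it has to be initialized and unsealed before it serves secrets.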
Logging and ports:
Vault logs to stdout by default. The API and web UI (if enabled) are served on port 8200.
Image variants
HashiCorp provides a single image under hashicorp/vault, with a consistent structure and versioning scheme:
Tracks the most recent stable release of Vault. Use with caution in production – prefer versioned tags to ensure consistency.
Tagged by release (e.g. 1.14.4, 1.13.0). Recommended for all production deployments to avoid unintentional upgrades.
No Alpine or OS-specific variants are provided. The image is based on a minimal Debian environment maintained by HashiCorp.