Docker Setup
This guide covers the steps to deploy the Signchain Self-hosted Vault Docker container, configure it with the necessary environment variables, and start the container using the official image.
Step 1: Pull the Docker Image
First, pull the latest version of the Signchain Vault Docker image from GitHub Container Registry:
docker pull ghcr.io/grexie/signchain-vault:latest
Step 2: Configure Environment Variables
To ensure the Vault operates securely and can connect to required services, configure the following environment variables based on the example .env
file from the repository. You can add these to your own .env
file:
Storage Configuration
VAULT_STORAGE_BACKEND
: Set this tomongo
to use MongoDB as the storage backend.VAULT_MONGO_URL
: Connection URL for MongoDB. Include authentication details if needed, for example:mongodb://username:password@mongo:27017/signchain-vault?replicaSet=rs0
Networking and Security
PORT
: (Optional) Specify the port for the Vault. Default is443
(TLS). For insecure HTTP, set it to80
.VAULT_INSECURE_HTTP
: Set this totrue
if using HTTP (only recommended with an SSL front end).VAULT_KEY
: List of vault keys obtained from your Signchain dashboard. Use commas to separate multiple keys.VAULT_AUTH_SECRET_KEY
: A secure key to prevent man-in-the-middle (MITM) attacks, used withX-Vault-Auth-Signature
for signing requests. Generate a secure key, e.g., with:ps aux | shasum
Example .env
configuration:
VAULT_STORAGE_BACKEND=mongo
VAULT_MONGO_URL=mongodb://localhost:27017/signchain-vault
PORT=80
VAULT_INSECURE_HTTP=true
VAULT_KEY=vault-key-1,vault-key-2,vault-key-3
VAULT_AUTH_SECRET_KEY=your_secure_key
Step 3: Start the Docker Container
Once your .env
file is configured, start the container with:
docker run -d --name signchain-vault \
--env-file .env \
-p 80:80 \
ghcr.io/grexie/signchain-vault:latest
This command will start the container in detached mode (-d
) with environment variables loaded from your .env
file.
Step 4: Verify the Vault is Running
Check the logs to confirm the Vault started successfully:
docker logs -f signchain-vault
You should see output indicating that the vault has started and is connected to MongoDB.
Next Steps
Your Signchain Self-hosted Vault is now running! For further configuration options, see the following guides: