Docker Setup

This guide covers the steps to deploy the Signchain Self-hosted Vault Docker container, configure it with the necessary environment variables, and start the container using the official image.

Step 1: Pull the Docker Image

First, pull the latest version of the Signchain Vault Docker image from GitHub Container Registry:

docker pull ghcr.io/grexie/signchain-vault:latest

Step 2: Configure Environment Variables

To ensure the Vault operates securely and can connect to required services, configure the following environment variables based on the example .env file from the repository. You can add these to your own .env file:

Storage Configuration

  • VAULT_STORAGE_BACKEND: Set this to mongo to use MongoDB as the storage backend.
  • VAULT_MONGO_URL: Connection URL for MongoDB. Include authentication details if needed, for example:
    mongodb://username:password@mongo:27017/signchain-vault?replicaSet=rs0
    

Networking and Security

  • PORT: (Optional) Specify the port for the Vault. Default is 443 (TLS). For insecure HTTP, set it to 80.
  • VAULT_INSECURE_HTTP: Set this to true if using HTTP (only recommended when an SSL/TLS-terminating front end sits in front of the Vault).
  • VAULT_KEY: List of vault keys obtained from your Signchain dashboard. Use commas to separate multiple keys.
  • VAULT_AUTH_SECRET_KEY: A secure key to prevent man-in-the-middle (MITM) attacks, used with X-Vault-Auth-Signature for signing requests. Generate it from a cryptographically secure random source, e.g., with:
    openssl rand -hex 32
    

Example .env configuration:

VAULT_STORAGE_BACKEND=mongo
VAULT_MONGO_URL=mongodb://localhost:27017/signchain-vault
PORT=80
VAULT_INSECURE_HTTP=true
VAULT_KEY=vault-key-1,vault-key-2,vault-key-3
VAULT_AUTH_SECRET_KEY=your_secure_key
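
The following script is an added example, not part of the Signchain repository: it draws VAULT_AUTH_SECRET_KEY from the kernel CSPRNG, writes a .env with owner-only permissions, and flags the settings from this step that weaken a deployment. The function names, the 32-character minimum and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Signchain repository); function names are hypothetical.

# 32 bytes from the kernel CSPRNG, printed as 64 hex characters.
gen_auth_key() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the value assigned to key $1 in env file $2 (last assignment wins).
env_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Print one finding per line; only variables documented in this guide are checked.
lint_env() {
    key=$(env_get VAULT_AUTH_SECRET_KEY "$1")
    if [ -z "$key" ] || [ "$key" = "your_secure_key" ]; then
        echo "VAULT_AUTH_SECRET_KEY: unset or still the placeholder"
    elif [ "${#key}" -lt 32 ]; then   # assumed minimum, not a documented limit
        echo "VAULT_AUTH_SECRET_KEY: shorter than 32 characters"
    fi
    if [ "$(env_get VAULT_INSECURE_HTTP "$1")" = "true" ]; then
        echo "VAULT_INSECURE_HTTP: plain HTTP, needs a TLS front end"
    fi
    case $(env_get VAULT_MONGO_URL "$1") in
        mongodb://*:*@*) echo "VAULT_MONGO_URL: embeds a password, keep the file mode 600" ;;
    esac
    return 0
}

# Write a constructed sample .env readable by its owner only.
write_sample_env() {
    ( umask 077
      printf '%s\n' \
        "VAULT_STORAGE_BACKEND=mongo" \
        "VAULT_MONGO_URL=mongodb://localhost:27017/signchain-vault" \
        "PORT=80" \
        "VAULT_INSECURE_HTTP=true" \
        "VAULT_KEY=vault-key-1,vault-key-2,vault-key-3" \
        "VAULT_AUTH_SECRET_KEY=$(gen_auth_key)" > "$1" )
}

tmp=$(mktemp)
write_sample_env "$tmp"
lint_env "$tmp"
rm -f "$tmp"
```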

Step 3: Start the Docker Container

Once your .env file is configured, start the container with:

docker run -d --name signchain-vault \
           --env-file .env \
           -p 80:80 \
           ghcr.io/grexie/signchain-vault:latest

This command will start the container in detached mode (-d) with environment variables loaded from your .env file.

Step 4: Verify the Vault is Running

Check the logs to confirm the Vault started successfully:

docker logs -f signchain-vault

You should see output indicating that the vault has started and is connected to MongoDB.

Next Steps

Your Signchain Self-hosted Vault is now running! For further configuration options, see the following guides: