mirror of https://github.com/hashicorp/vault-action.git synced 2026-05-14 04:20:33 +00:00

give vault user permission to read certs

Srikrishna Iyer 2026-05-06 20:52:19 +05:30
parent fa6714caca
commit a1ad354bde
No known key found for this signature in database
GPG key ID: 212F890C328D4059
2 changed files with 9 additions and 1 deletions


@ -45,7 +45,12 @@ services:
- 8200:8200
privileged: true
healthcheck:
test: ["CMD-SHELL", "VAULT_ADDR=https://127.0.0.1:8200 VAULT_CACERT=/etc/vault/ca.crt VAULT_CLIENT_CERT=/etc/vault/client.crt VAULT_CLIENT_KEY=/etc/vault/client.key vault status; s=$$?; [ $$s -eq 0 ]"]
# Exit 2 means sealed-but-running, which is acceptable during startup
test:
- CMD-SHELL
- |
export VAULT_ADDR=https://127.0.0.1:8200 VAULT_CACERT=/etc/vault/ca.crt VAULT_CLIENT_CERT=/etc/vault/client.crt VAULT_CLIENT_KEY=/etc/vault/client.key
vault status; s=$$?; [ $$s -eq 0 ] || [ $$s -eq 2 ]
interval: 1s
timeout: 5s
retries: 30
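Review bot: With exit status 2 accepted by the new `test:` command, the container is reported healthy for as long as Vault stays sealed, not only during startup as the added comment suggests. Anything gated on this healthcheck (no consumer is visible in this hunk) can therefore start talking to a sealed server, so the unseal step needs its own readiness wait. I would state that contract in the comment, for example `# Healthy = TLS listener answers; exit 2 (sealed) also passes, so callers must unseal and re-check before use`.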


@ -89,6 +89,9 @@ mv client-key.pem client.key
# ── Remove intermediates not needed at runtime ────────────────────────────────
rm -f ca.csr server.csr client.csr ca-key.pem cfssl-config.json
# Ensure files are readable by the vault container user
chmod 644 ./*.crt ./*.key
# ── Copy vault server config ──────────────────────────────────────────────────
cp "$REPO_ROOT/integrationTests/e2e-tls/configs/config.hcl" config.hcl
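Review bot: `chmod 644 ./*.crt ./*.key` makes every private key in this directory world-readable on the host, including `client.key`, although only the certificates need to be public. Splitting the modes keeps the keys off the "other" bit: `chmod 644 ./*.crt`, `chmod 640 ./*.key` and `chgrp <vault-container-gid> ./*.key`, where the gid is a placeholder because the container user's ids are not shown on this page. If 644 has to stay because the runner cannot change group ownership, the comment should say these are throwaway keys generated per test run and that the step must not be reused for real key material. The script continues outside this hunk.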