secretumvault/deploy/docker/Dockerfile

# Multi-stage build for SecretumVault
# Stage 1: Builder
FROM rust:1.82 as builder

WORKDIR /build

# Install dependencies
RUN apt-get update && apt-get install -y \
    libssl-dev \
    pkg-config \
    && rm -rf /var/lib/apt/lists/*

# Copy manifests
COPY Cargo.toml Cargo.lock ./

# Copy source code
COPY src ./src

# Build with all features
RUN cargo build --release --features "server cli surrealdb-storage etcd-storage postgresql-storage aws-lc pqc cedar"

# Stage 2: Runtime
FROM debian:bookworm-slim

WORKDIR /app

# Install runtime dependencies
RUN apt-get update && apt-get install -y \
    libssl3 \
    ca-certificates \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Copy binary from builder
COPY --from=builder /build/target/release/svault /usr/local/bin/svault

# Create vault user
RUN useradd -m -u 1000 vault && chown -R vault:vault /app

USER vault

# Default config path
ENV VAULT_CONFIG=/etc/secretumvault/svault.toml

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
    CMD curl -f http://localhost:8200/v1/sys/health || exit 1

# Expose ports
EXPOSE 8200 9090

# Default command
ENTRYPOINT ["svault"]
CMD ["server", "--config", "${VAULT_CONFIG}"]
chore: source code, docs and tools 2025-12-22 21:34:01 +00:00			`# Multi-stage build for SecretumVault`
			`# Stage 1: Builder`
			`FROM rust:1.82 as builder`

			`WORKDIR /build`

			`# Install dependencies`
			`RUN apt-get update && apt-get install -y \`
			`libssl-dev \`
			`pkg-config \`
			`&& rm -rf /var/lib/apt/lists/*`

			`# Copy manifests`
			`COPY Cargo.toml Cargo.lock ./`

			`# Copy source code`
			`COPY src ./src`

			`# Build with all features`
			`RUN cargo build --release --features "server cli surrealdb-storage etcd-storage postgresql-storage aws-lc pqc cedar"`

			`# Stage 2: Runtime`
			`FROM debian:bookworm-slim`

			`WORKDIR /app`

			`# Install runtime dependencies`
			`RUN apt-get update && apt-get install -y \`
			`libssl3 \`
			`ca-certificates \`
			`curl \`
			`&& rm -rf /var/lib/apt/lists/*`

			`# Copy binary from builder`
			`COPY --from=builder /build/target/release/svault /usr/local/bin/svault`

			`# Create vault user`
			`RUN useradd -m -u 1000 vault && chown -R vault:vault /app`

			`USER vault`

			`# Default config path`
			`ENV VAULT_CONFIG=/etc/secretumvault/svault.toml`

			`# Health check`
			`HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \`
			`CMD curl -f http://localhost:8200/v1/sys/health \|\| exit 1`

			`# Expose ports`
			`EXPOSE 8200 9090`

			`# Default command`
			`ENTRYPOINT ["svault"]`
			`CMD ["server", "--config", "${VAULT_CONFIG}"]`