55 lines
1.2 KiB
Docker
55 lines
1.2 KiB
Docker
# Multi-stage build for SecretumVault
|
|
# Stage 1: Builder
|
|
FROM rust:1.82 as builder
|
|
|
|
WORKDIR /build
|
|
|
|
# Install dependencies
|
|
RUN apt-get update && apt-get install -y \
|
|
libssl-dev \
|
|
pkg-config \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Copy manifests
|
|
COPY Cargo.toml Cargo.lock ./
|
|
|
|
# Copy source code
|
|
COPY src ./src
|
|
|
|
# Build with all features
|
|
RUN cargo build --release --features "server cli surrealdb-storage etcd-storage postgresql-storage aws-lc pqc cedar"
|
|
|
|
# Stage 2: Runtime
|
|
FROM debian:bookworm-slim
|
|
|
|
WORKDIR /app
|
|
|
|
# Install runtime dependencies
|
|
RUN apt-get update && apt-get install -y \
|
|
libssl3 \
|
|
ca-certificates \
|
|
curl \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Copy binary from builder
|
|
COPY --from=builder /build/target/release/svault /usr/local/bin/svault
|
|
|
|
# Create vault user
|
|
RUN useradd -m -u 1000 vault && chown -R vault:vault /app
|
|
|
|
USER vault
|
|
|
|
# Default config path
|
|
ENV VAULT_CONFIG=/etc/secretumvault/svault.toml
|
|
|
|
# Health check
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
|
|
CMD curl -f http://localhost:8200/v1/sys/health || exit 1
|
|
|
|
# Expose ports
|
|
EXPOSE 8200 9090
|
|
|
|
# Default command
|
|
ENTRYPOINT ["svault"]
|
|
CMD ["server", "--config", "${VAULT_CONFIG}"]
|