vault-hier/docker-compose.yml
Harald Hoyer 07cf031bbb Initial commit: Vault Hierarchical Initializer
This commit adds the full implementation of vault-hier, a Rust utility for:
- Initializing HashiCorp Vault in production mode (non-dev)
- Handling Vault seal/unseal operations with key thresholds
- Using Docker Compose for containerized operation
- Supporting persistent storage via Docker volumes

Key components:
- Rust application for Vault interaction
- Docker and Docker Compose configuration
- Test scripts for local development
- Nix flake for development dependencies

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-03-20 12:49:44 +01:00


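# Compose stack: a file-backed Vault server plus a one-shot "vault-init"
# container that talks to it over the private "vault-net" bridge network.
services:
  vault:
    # NOTE(review): "1.15" is a floating tag; for reproducible deployments pin
    # an exact patch release or an image digest.
    image: hashicorp/vault:1.15
    container_name: vault
    ports:
      # Published on the host loopback only. The listener below has TLS
      # disabled, so publishing on every host interface would expose Vault in
      # plaintext to the network, including before it has been initialized.
      # vault-init reaches the server over vault-net and is unaffected.
      - "127.0.0.1:8200:8200"
    environment:
      # Inline server config: file storage under /vault/file, plain-HTTP
      # listener on 0.0.0.0:8200 ("tls_disable": true), web UI enabled.
      # "disable_mlock": true lets Vault's memory be swapped to disk.
      # NOTE(review): with mlock disabled the IPC_LOCK capability below looks
      # unnecessary - confirm and drop one of the two.
      - 'VAULT_LOCAL_CONFIG={"storage": {"file": {"path": "/vault/file"}}, "listener": {"tcp": {"address": "0.0.0.0:8200", "tls_disable": true}}, "ui": true, "disable_mlock": true}'
    cap_add:
      - IPC_LOCK
    volumes:
      # Named volume so Vault's storage survives container recreation.
      - vault-data:/vault/file
    command: server
    healthcheck:
      # Healthy means "the API answers", whether or not Vault is initialized or
      # unsealed yet: sealedcode/uninitcode remap those states to HTTP 200.
      # The previous probe ended in "|| exit 0" and therefore always passed,
      # which made the service_healthy gate on vault-init meaningless.
      # Exec form (no shell), so the "&" characters need no escaping.
      test:
        - "CMD"
        - "wget"
        - "-q"
        - "-O-"
        - "http://127.0.0.1:8200/v1/sys/health?standbyok=true&sealedcode=200&uninitcode=200"
      interval: 5s
      timeout: 2s
      retries: 3
      start_period: 5s
    networks:
      - vault-net

  vault-init:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: vault-init
    environment:
      # Plain HTTP: everything exchanged with Vault crosses vault-net
      # unencrypted. Only acceptable while both containers share one host.
      - VAULT_ADDR=http://vault:8200
    depends_on:
      vault:
        # Start only once the Vault API is reachable (see healthcheck above).
        condition: service_healthy
    volumes:
      # The whole project directory is mounted read-write at /app/data.
      # NOTE(review): presumably this is where the initializer writes its
      # output; if that includes unseal keys or a root token, mount a
      # dedicated directory with restrictive permissions instead and keep it
      # out of version control - confirm against the Rust code.
      - ./:/app/data
    networks:
      - vault-net
    # NOTE(review): "restart: on-failure" and the deploy restart_policy below
    # ask for opposite things; which one is honoured depends on how the stack
    # is run. Confirm the intent and keep only one.
    restart: on-failure
    # Using a non-daemon container that exits after completion
    deploy:
      restart_policy:
        condition: none

volumes:
  vault-data:

networks:
  vault-net:
    driver: bridge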