UNCLASSIFIED

Commit 675aaffc authored by Vickie Shen's avatar Vickie Shen
Browse files

updated hardening

parent 49513cf0
Pipeline #109434 passed with stage
in 5 seconds
ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io ARG BASE_REGISTRY=registry1.dsop.io
ARG BASE_IMAGE=ubi8 ARG BASE_IMAGE=ubi8
ARG BASE_TAG=8.2 ARG BASE_TAG=8.3
FROM vault:1.6.0 AS source FROM vault:1.6.0 AS source
...@@ -17,11 +17,11 @@ RUN groupadd -g 1001 vault && \ ...@@ -17,11 +17,11 @@ RUN groupadd -g 1001 vault && \
mkdir -p /vault/config && \ mkdir -p /vault/config && \
chown -R vault:vault /vault chown -R vault:vault /vault
EXPOSE 8200 EXPOSE 8200
USER vault USER vault
HEALTHCHECK --interval=5m --timeout=30s --start-period=1m --retries=3 \ HEALTHCHECK --interval=5m --timeout=30s --start-period=1m --retries=3 \
CMD curl -f http://locahost:8200/v1/sys/health?standbyok=true || exit 1 CMD curl -f http://locahost:8200/v1/sys/health?standbyok=true || exit 1
ENTRYPOINT ["docker-entrypoint.sh"] ENTRYPOINT ["docker-entrypoint.sh"]
CMD ["server"] CMD ["server"]
...@@ -20,20 +20,20 @@ args: ...@@ -20,20 +20,20 @@ args:
labels: labels:
org.opencontainers.image.title: "vault" org.opencontainers.image.title: "vault"
## Human-readable description of the software packaged in the image ## Human-readable description of the software packaged in the image
# org.opencontainers.image.description: "FIXME" org.opencontainers.image.description: "Vault is a tool for securely accessing secrets."
## License(s) under which contained software is distributed ## License(s) under which contained software is distributed
# org.opencontainers.image.licenses: "FIXME" org.opencontainers.image.licenses: "MPL-2.0"
## URL to find more information on the image ## URL to find more information on the image
# org.opencontainers.image.url: "FIXME" org.opencontainers.image.url: "https://www.vaultproject.io/"
## Name of the distributing entity, organization or individual ## Name of the distributing entity, organization or individual
# org.opencontainers.image.vendor: "FIXME" org.opencontainers.image.vendor: "Hashicorp"
org.opencontainers.image.version: "1.6.0" org.opencontainers.image.version: "1.6.0"
## Keywords to help with search (ex. "cicd,gitops,golang") ## Keywords to help with search (ex. "cicd,gitops,golang")
# mil.dso.ironbank.image.keywords: "FIXME" mil.dso.ironbank.image.keywords: "opensource"
## This value can be "opensource" or "commercial" ## This value can be "opensource" or "commercial"
# mil.dso.ironbank.image.type: "FIXME" mil.dso.ironbank.image.type: "opensource"
## Product the image belongs to for grouping multiple images ## Product the image belongs to for grouping multiple images
# mil.dso.ironbank.product.name: "FIXME" mil.dso.ironbank.product.name: "Apache vault"
# List of resources to make available to the offline build context # List of resources to make available to the offline build context
resources: resources:
...@@ -41,15 +41,10 @@ resources: ...@@ -41,15 +41,10 @@ resources:
url: docker://docker.io/library/vault@sha256:b04266db3e7ece92690df720fcf98ecf138a92ed3d1edc14dc86fe814c33ab9b url: docker://docker.io/library/vault@sha256:b04266db3e7ece92690df720fcf98ecf138a92ed3d1edc14dc86fe814c33ab9b
# List of project maintainers # List of project maintainers
# FIXME: Fill in the following details for the current container owner in the whitelist
# FIXME: Include any other vendor information if applicable
maintainers: maintainers:
- email: "brianmiller@cloudfitsoftware.com" - email: "shen_vickie@bah.com"
# # The name of the current container owner # # The name of the current container owner
# name: "FIXME" name: "Vickie Shen"
# # The gitlab username of the current container owner # # The gitlab username of the current container owner
# username: "FIXME" username: "shen_vickie"
# cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT cht_member: true
# - name: "FIXME"
# username: "FIXME"
# email: "FIXME"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment