etcd-secure is a Docker container running etcd with a user-provided secure key.
This container was created following the etcd security documentation.
To use this container, you need to pass in 3 environment variables (DISCOVERY_URL is optional):
- CA_FILE_DATA - The contents of the ca crt file
- CERT_FILE_DATA - The contents of the server crt file
- KEY_FILE_DATA - The contents of the server key file
- DISCOVERY_URL - The discovery url to use with this etcd server (optional)
Instead of passing the file contents, you can mount the /opt/keys volume and pass in the paths to the key files:
- CA_FILE - The filename of the ca crt file
- CERT_FILE - The filename of the server crt file
- KEY_FILE - The filename of the server key file
```
docker run -e "CERT_FILE_DATA=foo" -e "KEY_FILE_DATA=bar" -e "CA_FILE_DATA=baz" -e "DISCOVERY_URL=https://discovery.etcd.io/d29af1e5ef8df09c32f2d296cc0a9806" -t bfosberry/etcd-secure
```
You can also run this with the key files:
```
docker run -v "/home/core/keys:/opt/keys" -e "CERT_FILE=/opt/keys/foo.crt" -e "KEY_FILE=/opt/keys/bar.key" -e "CA_FILE=/opt/keys/baz.crt" -e "DISCOVERY_URL=https://discovery.etcd.io/d29af1e5ef8df09c32f2d296cc0a9806" -t bfosberry/etcd-secure
```
You can find a guide to creating your own keys here
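
The volume-mount form keeps the private key out of the container's environment, where `docker inspect` would show it. The script below is an added example, not part of this image or its documentation: it checks that the CA, server certificate and server key in the mounted directory belong together before starting the container. It assumes the `openssl` CLI is installed on the host; the function names and exit codes are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the CA_FILE / CERT_FILE / KEY_FILE form.
# Function names and exit codes are illustrative; requires the openssl CLI.

# check_etcd_keys CA CERT KEY
# Returns 0 if usable, 2 unreadable file, 3 cert not issued by CA,
# 4 key does not match cert, 5 key readable by group or others.
check_etcd_keys() {
    ca=$1; cert=$2; key=$3
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 2; }
    done
    # The server certificate must chain to the CA that clients are told to trust.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "$cert does not verify against $ca" >&2; return 3; }
    # The private key must be the one the certificate was issued for:
    # derive the public key from each side and compare.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "$key does not match $cert" >&2; return 4; }
    # The key sits on the host in the mounted directory; flag loose permissions.
    if [ -n "$(find "$key" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$key is readable by group or others" >&2; return 5
    fi
    return 0
}

# run_etcd_secure KEYDIR CA_NAME CERT_NAME KEY_NAME
# Starts the container with the volume form shown above, only if the checks pass.
run_etcd_secure() {
    dir=$1
    check_etcd_keys "$dir/$2" "$dir/$3" "$dir/$4" || return
    docker run -v "$dir:/opt/keys" \
        -e "CA_FILE=/opt/keys/$2" -e "CERT_FILE=/opt/keys/$3" \
        -e "KEY_FILE=/opt/keys/$4" -t bfosberry/etcd-secure
}
```

For example, `run_etcd_secure /home/core/keys baz.crt foo.crt bar.key` corresponds to the mounted-volume command above, without the optional DISCOVERY_URL.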