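---
# Local development stack: a dev-mode Vault server, a one-shot setup job that
# runs /setup/setup.sh against it, and an nginx container that serves static
# files from ./jwks.
#
# Development use only. `vault server -dev` starts unsealed, keeps its data in
# memory and is administered with a single root token, which defaults to the
# well-known value "root" in this file. Do not expose the Vault API to
# networks you do not control.
version: "3.8"

services:
  vault:
    # `latest` is a moving tag; pin a specific version or digest when runs
    # need to be reproducible and reviewable.
    image: hashicorp/vault:latest
    container_name: vault-dev
    environment:
      # Root token of the dev server. Set VAULT_DEV_ROOT_TOKEN_ID in the shell
      # or an .env file instead of relying on the "root" fallback.
      VAULT_DEV_ROOT_TOKEN_ID: "${VAULT_DEV_ROOT_TOKEN_ID:-root}"
      # Listen on every interface inside the container so the other services
      # can reach Vault over the compose network. Exposure on the host is
      # decided by `ports` below, not by this value.
      VAULT_DEV_LISTEN_ADDRESS: "0.0.0.0:8200"
    ports:
      # Published on the host's loopback interface by default: the API is
      # plain HTTP and accepts the root token above, so it should not be
      # reachable from other machines. VAULT_HOST_BIND_IP is a variable
      # introduced by this file; set it to 0.0.0.0 to publish on all host
      # interfaces, and only together with a non-default root token.
      - "${VAULT_HOST_BIND_IP:-127.0.0.1}:8200:8200"
    cap_add:
      # CAP_IPC_LOCK permits memory locking (mlock), which Vault can use to
      # keep secrets out of swap.
      - IPC_LOCK
    # `$$` escapes compose interpolation, so the variables are expanded by the
    # shell inside the container from the `environment` values above. The
    # folded scalar joins these lines with single spaces.
    command: >-
      sh -lc "vault server -dev
      -dev-root-token-id=$${VAULT_DEV_ROOT_TOKEN_ID}
      -dev-listen-address=$${VAULT_DEV_LISTEN_ADDRESS}"
    healthcheck:
      # Healthy once the local health endpoint answers successfully; `setup`
      # waits on this.
      test: ["CMD", "wget", "-q", "-O", "-", "http://127.0.0.1:8200/v1/sys/health"]
      interval: 2s
      timeout: 2s
      retries: 30

  setup:
    # Same moving tag as the server; pin both together.
    image: hashicorp/vault:latest
    container_name: vault-setup
    depends_on:
      vault:
        # Start only after the Vault healthcheck has passed.
        condition: service_healthy
    environment:
      # Plain HTTP over the compose network: the token below travels
      # unencrypted between the two containers.
      VAULT_ADDR: "http://vault:8200"
      # The setup job authenticates with the dev root token.
      VAULT_TOKEN: "${VAULT_DEV_ROOT_TOKEN_ID:-root}"
      # Comma-separated agent list to create policies for
      AGENTS: "${AGENTS:-agent_api,agent_jwt,agent_mtls}"
      # NOTE(review): the three values below are presumably read by
      # /setup/setup.sh, which is not part of this file; confirm there.
      KV_MOUNT: "${KV_MOUNT:-secret}"
      PREFIX: "${PREFIX:-mcp}"
      TRANSIT_KEY: "${TRANSIT_KEY:-mcp}"
    volumes:
      # Read-only, so the job cannot modify the scripts it runs.
      - ./setup:/setup:ro
    entrypoint: ["/bin/sh", "/setup/setup.sh"]
    # One-shot job: do not restart after the script exits.
    restart: "no"

  jwks:
    # Moving tag as well; pin for reproducible runs.
    image: nginx:alpine
    container_name: jwks
    volumes:
      # Everything under ./jwks is served over HTTP. Keep only the public key
      # set in that directory, never private key material.
      - ./jwks:/usr/share/nginx/html:ro
    ports:
      # Published on all host interfaces, as in the original file.
      - "9001:80"
    healthcheck:
      # Healthy once jwks.json can be fetched from the local nginx.
      test: ["CMD-SHELL", "wget -q -O - http://127.0.0.1/jwks.json >/dev/null 2>&1"]
      interval: 2s
      timeout: 2s
      retries: 30

networks:
  default:
    # Fixed name for the default network instead of the project-derived one.
    name: vaultnet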