Passwordless
Last updated
This tutorial describes the setup of the custom auth plugin vault_plugin_auth_passkeys and is subject to change after the custom UI branch is merged into the main branch.
The Dockerfile placed in the repository can be used to create an image with a ready to use Vault system, including the passkey plugin. If desired, the Dockerfile can be changed to run Vault in development mode, using the comments.
To build the image, a GitHub token with access to enclaive's repositories has to be provided:
After a successful build the container can be started and Vault will start in production mode. The config.hcl, full-chain.pem and private-key.pem of this repository will be placed at /cfg in the image. The certificates are self-signed for localhost. The following command will bind a customized config and certificates.
After creation we can access the defined URL and unseal Vault. Remember to store the root token and the unseal key(s).
After unsealing Vault, we will connect with another terminal into the container and register the plugin. We need to set the environment variables and generate the hash.
Inside the container: (-tls-skip-verify is used to ignore TLS verification)
Now the UI can be used to mount the plugin. After mounting the accessor ID needs to be retrieved to create a policy.
The example policy in this repository needs to be adjusted with the correct accessor ID and mount path. After creating the policy, the relying party has to be set up with the correct values (RP ID: domain without scheme; Origin: FQDN with scheme). For example RPID: localhost, origin: https://localhost:8200
Now a user can be created and the invite link can be used to register.
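The registration, mount, accessor lookup and relying-party steps above, driven through Vault's HTTP API from outside the container, as an added example that is not code from the vault_plugin_auth_passkeys repository. Everything not stated in the tutorial is an assumption and marked as such: the plugin binary path inside the container, the mount path, the placeholder names in the policy template (the repository's real example policy is not shown on this page, so a constructed stand-in is used), and the use of VAULT_CACERT pointing at full-chain.pem so that TLS is verified against the self-signed certificate instead of being skipped as with -tls-skip-verify. The plugin's own endpoint for storing the relying-party values is not on this page, so the script only derives them from the origin.

```python
"""Added example (not from the plugin repository): register the passkey auth
plugin, enable it, read back the mount accessor, fill the policy template and
derive the relying-party values, using only Vault's public HTTP API."""
import hashlib
import json
import os
import ssl
import urllib.request
from typing import Optional
from urllib.parse import urlsplit

PLUGIN_NAME = "vault_plugin_auth_passkeys"
# Assumptions: location of the binary inside Vault's plugin_directory and the
# path chosen when mounting the plugin in the UI.
PLUGIN_PATH = os.environ.get("PLUGIN_PATH", f"/vault/plugins/{PLUGIN_NAME}")
MOUNT_PATH = os.environ.get("MOUNT_PATH", "passkeys")

# Constructed stand-in for the repository's example policy: only the two
# values the tutorial says must be adjusted are templated. The templated
# identity alias line uses Vault's own policy templating syntax.
POLICY_TEMPLATE = """\
path "auth/<MOUNT_PATH>/*" {
  capabilities = ["read", "update"]
}
path "secret/data/{{identity.entity.aliases.<ACCESSOR>.name}}/*" {
  capabilities = ["read"]
}
"""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def plugin_sha256(path: str) -> str:
    """Hash of the plugin binary; Vault refuses to run a plugin whose file
    hash differs from the one registered in the catalog."""
    with open(path, "rb") as f:
        return sha256_hex(f.read())


def mount_accessor(auth_mounts: dict, mount_path: str) -> str:
    """Accessor of one auth mount from the sys/auth listing (keys end in '/')."""
    key = mount_path.strip("/") + "/"
    if key not in auth_mounts:
        raise KeyError(f"auth mount {key!r} is not enabled")
    return auth_mounts[key]["accessor"]


def render_policy(template: str, accessor: str, mount_path: str) -> str:
    """Fill the accessor ID and mount path placeholders (names assumed)."""
    return (template.replace("<ACCESSOR>", accessor)
                    .replace("<MOUNT_PATH>", mount_path.strip("/")))


def relying_party(origin: str) -> dict:
    """RP ID is the host without scheme or port; origin keeps scheme and port."""
    parts = urlsplit(origin)
    if parts.scheme not in ("https", "http") or not parts.hostname:
        raise ValueError(f"origin must look like scheme://host[:port], got {origin!r}")
    return {"rp_id": parts.hostname, "origin": f"{parts.scheme}://{parts.netloc}"}


class VaultClient:
    def __init__(self, addr: str, token: str, cafile: Optional[str] = None):
        self.addr = addr.rstrip("/")
        self.token = token
        # Trust the tutorial's self-signed full-chain.pem (assumed to be passed
        # as cafile) instead of disabling certificate verification.
        self.ctx = ssl.create_default_context(cafile=cafile)

    def _call(self, method: str, path: str, body: Optional[dict] = None) -> dict:
        req = urllib.request.Request(
            f"{self.addr}/v1/{path}",
            data=json.dumps(body).encode() if body is not None else None,
            method=method,
            headers={"X-Vault-Token": self.token, "Content-Type": "application/json"},
        )
        with urllib.request.urlopen(req, context=self.ctx) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else {}  # writes answer 204 No Content

    def register_plugin(self, sha256: str) -> None:
        # "command" is the file name inside Vault's plugin_directory.
        self._call("POST", f"sys/plugins/catalog/auth/{PLUGIN_NAME}",
                   {"sha256": sha256, "command": PLUGIN_NAME})

    def enable_auth(self, mount_path: str) -> None:
        self._call("POST", f"sys/auth/{mount_path.strip('/')}", {"type": PLUGIN_NAME})

    def auth_mounts(self) -> dict:
        resp = self._call("GET", "sys/auth")
        return resp.get("data", resp)


if __name__ == "__main__":
    client = VaultClient(os.environ["VAULT_ADDR"], os.environ["VAULT_TOKEN"],
                         os.environ.get("VAULT_CACERT"))
    client.register_plugin(plugin_sha256(PLUGIN_PATH))
    client.enable_auth(MOUNT_PATH)
    accessor = mount_accessor(client.auth_mounts(), MOUNT_PATH)
    print(render_policy(POLICY_TEMPLATE, accessor, MOUNT_PATH))
    print(relying_party(os.environ.get("RP_ORIGIN", "https://localhost:8200")))
```

Run it with VAULT_ADDR, VAULT_TOKEN (the root token from the unseal step) and VAULT_CACERT set; the rendered policy can then be written with the UI or the CLI, and the printed rp_id/origin pair is what the relying-party configuration expects.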
Example Policy: