docker plugin vault
docker secret plugin for vault provider
how to build docker plugin
rm -fr plugin/rootfs/.dockerenv plugin/rootfs/*
docker build --pull --tag rootfsimage .
id=$(docker create rootfsimage true)
mkdir -p plugin/rootfs/
docker export "$id" | tar -x -C plugin/rootfs/
docker rm -vf "$id"
docker plugin create canuxcheng/docker-plugin-vault ./plugin
docker plugin disable canuxcheng/docker-plugin-vault
docker plugin rm canuxcheng/docker-plugin-vault
share vault token to plugin
create service and token secret
echo -n <token> | docker secret create vault-token-secret -
docker service create --mode global --constraint 'node.role == manager' --name vault-token-service --secret vault-token-secret --restart-condition on-failure busybox tail -f /dev/null