Docker Container
Run the CLI using a Docker container.
Getting the image
The first step is pulling the CLI image.
Running a container
The next step is running the container. By default the container is setup to run ksm
in shell mode.
The docker run command.
Flags to remove the container when it is done running. That will prevent a build up of inactive containers.
Flag to enable interactions with the container.
Mounts the current directory as /wd inside of the container and then set the working directory to /wd inside of the container. This will allow anything written to /wd to be written to the current directory outside of the container. This is useful when downloading a file.
Mounts a directory where we want to store, or have, the keeper.ini file. Then we passing the environmental variable telling the CLI where to write or read the keeper.ini file.
Name of the image.
Aliasing
The docker run command can be a little too much to type each time. It is recommend that aliases be created.
The above will launch the ksm shell.
The next alias is slightly different. At the end of the run command, the application ksm
is added. This will cause the ksm
not to start in shell mode.
Built in Binaries
The KSM CLI docker includes a volume mount to both GLIBC (most Linux distributions) and MUSL (Alpine Linux) CLI binaries. The volume is /cli
. This directory can be mounted into another container using the volumes_from
in docker-compose or -v
from command line docker. The ksm executables exists in directory based on the version of C library your Linux distribution is using.
/cli/glibc/ksm
- For standard GLIBC distributions like Ubuntu, Debian, Fedora, and CentOS./cli/musl/ksm
- For Alpine Linux.
For example, the following is simple framework showing how to access the CLI binary.
The init
service will load the CLI docker. The container will start, display a CLI splash screen, and then exit. Even though the container has stopped, the /cli
volume is still accessible.
The main
service will mount the CLI docker's volume under the directory /cli
using volumes_from
. The command
is overridden to run the GLIBC version of the KSM CLI. The command
is using the exec
function of the CLI. That will replace environment variables environment variable, that use the Keeper Notation, with a secret value. The exec
command, of the CLI, is running the printenv
application. That will print the environment variable, MY_LOGIN, that has been set to Keeper Notation, and has had its value replaced with a secret by the exec
command.
Last updated