From 186528df560589615f622d079987bdaded8fbb1f Mon Sep 17 00:00:00 2001
From: Harikrishnan Dhanasekaran <harikrishnan@mulecraft.in>
Date: Sat, 8 Nov 2025 10:59:04 +0530
Subject: [PATCH] Feat : Add HashiCorp Vault template (#512)

* feat: add HashiCorp Vault template

* Update blueprints/vault/docker-compose.yml

---------

Co-authored-by: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
---
 blueprints/vault/docker-compose.yml | 20 ++++++++++++++++++++
 blueprints/vault/template.toml      | 17 +++++++++++++++++
 blueprints/vault/vault.svg          |  2 ++
 meta.json                           | 18 ++++++++++++++++++
 4 files changed, 57 insertions(+)
 create mode 100644 blueprints/vault/docker-compose.yml
 create mode 100644 blueprints/vault/template.toml
 create mode 100644 blueprints/vault/vault.svg

diff --git a/blueprints/vault/docker-compose.yml b/blueprints/vault/docker-compose.yml
new file mode 100644
index 00000000..d9ef3016
--- /dev/null
+++ b/blueprints/vault/docker-compose.yml
@@ -0,0 +1,20 @@
+version: "3.8"
+
+services:
+  vault:
+    image: hashicorp/vault:latest
+    container_name: vault
+    cap_add:
+      - IPC_LOCK
+    environment:
+      VAULT_DEV_ROOT_TOKEN_ID: "${VAULT_DEV_ROOT_TOKEN_ID}"
+      VAULT_DEV_LISTEN_ADDRESS: "${VAULT_DEV_LISTEN_ADDRESS}"
+    ports:
+      - "8200"
+    volumes:
+      - vault-data:/vault/file
+    command: "server -dev -dev-root-token-id=${VAULT_DEV_ROOT_TOKEN_ID} -dev-listen-address=${VAULT_DEV_LISTEN_ADDRESS}"
+
+volumes:
+  vault-data:
+
diff --git a/blueprints/vault/template.toml b/blueprints/vault/template.toml
new file mode 100644
index 00000000..e20571f7
--- /dev/null
+++ b/blueprints/vault/template.toml
@@ -0,0 +1,17 @@
+[variables]
+main_domain = "${domain}"
+root_token = "${password:32}"
+
+[config]
+
+[[config.domains]]
+serviceName = "vault"
+port = 8200
+host = "${main_domain}"
+
+[config.env]
+VAULT_DEV_ROOT_TOKEN_ID = "${root_token}"
+VAULT_DEV_LISTEN_ADDRESS = "0.0.0.0:8200"
+
+[[config.mounts]]
+
diff --git a/blueprints/vault/vault.svg b/blueprints/vault/vault.svg
new file mode 100644
index 00000000..de73e6cc
--- /dev/null
+++ b/blueprints/vault/vault.svg
@@ -0,0 +1,2 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="none" viewBox="0 0 16 16" aria-hidden="true"><path fill="#7D70BA" d="M0 0l7.971 15.516L16 0H0zm6.732 6.16h-1.27V4.89h1.27v1.27zm0-1.906h-1.27V2.985h1.27v1.269zm1.904 3.81h-1.27v-1.27h1.27v1.27zm0-1.905h-1.27V4.89h1.27v1.27zm0-1.905h-1.27V2.985h1.27v1.269zm1.894 1.905H9.26V4.89h1.27v1.27zM9.26 4.254V2.985h1.27v1.269H9.26z"></path></svg>
+
diff --git a/meta.json b/meta.json
index 35f7aece..18261ad5 100644
--- a/meta.json
+++ b/meta.json
@@ -5343,6 +5343,24 @@
       "self-hosted"
     ]
   },
+  {
+    "id": "vault",
+    "name": "Vault",
+    "version": "latest",
+    "description": "Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log. To sign in: In the Vault UI, select 'Token' as the authentication method (not GitHub), then enter the root token from the VAULT_DEV_ROOT_TOKEN_ID environment variable (auto-generated).",
+    "logo": "vault.svg",
+    "links": {
+      "github": "https://github.com/hashicorp/vault",
+      "website": "https://www.vaultproject.io/",
+      "docs": "https://developer.hashicorp.com/vault/docs"
+    },
+    "tags": [
+      "security",
+      "secrets",
+      "devops",
+      "infrastructure"
+    ]
+  },
   {
     "id": "vaultwarden",
     "name": "Vaultwarden",