diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..6479c59
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,62 @@
+ARG GO_VERSION=alpine
+
+FROM golang:${GO_VERSION} as build
+
+ARG NODE_10_SRC="http://dl-cdn.alpinelinux.org/alpine/v3.10/main/x86_64"
+
+RUN \
+	apk update --no-cache && \
+	apk add --no-cache gawk && \
+	NODE_APK=$(wget -qO- "${NODE_10_SRC}" | gawk 'match($0,/^.*href="(nodejs-10\..*\.apk)".*$/,ary) { print ary[1] }') && \
+	NPM_APK=$(wget -qO- "${NODE_10_SRC}" | gawk 'match($0,/^.*href="(npm-10\..*\.apk)".*$/,ary) { print ary[1] }') && \
+	wget -O nodejs10.apk "${NODE_10_SRC}/${NODE_APK}" && \
+	wget -O npm10.apk "${NODE_10_SRC}/${NODE_APK}" && \
+	apk add nodejs10.apk npm10.apk
+
+RUN \
+	apk update --no-cache &&\
+	apk add --no-cache \
+		bash \
+		git \
+		make \
+		yarn && \
+	git config --global advice.detachedHead false
+
+ARG VAULT_VERSION=
+ARG VAULT_REPO
+ARG BUILD_PATH=vault
+
+RUN \
+	echo "selected repo: ${VAULT_REPO}" && \
+	if [ -z "${VAULT_VERSION}" ]; then \
+		VAULT_VERSION=$( \
+			git ls-remote "${VAULT_REPO}" | \
+			awk '$2 ~ /^refs\/tags\/v[0-9]+\.[0-9]+\.[0-9]+$/ { print substr($2,11) }' | sort -V | tail -n1 \
+		) ; \
+	fi && \
+	echo "selected vault branch: ${VAULT_VERSION}" && \
+	BUILD_PATH=$(echo "${VAULT_REPO}" | sed -E 's/^.*\/\/(.*)\.git/\1/') && \
+	BUILD_PATH="/go/src/${BUILD_PATH}" && \
+	git clone \
+		--branch="${VAULT_VERSION}" \
+		--depth=1 \
+		"${VAULT_REPO}" \
+		"${BUILD_PATH}" && \
+	cd "${BUILD_PATH}" && \
+	make static-dist dev-ui
+
+FROM alpine:3 as runtime
+
+RUN addgroup vault && \
+    adduser -S -G vault vault
+
+RUN \
+	mkdir -p \
+		/vault/file \
+		/vault/config && \
+	chown -R vault:vault
+
+COPY --from=build /go/bin/vault /bin/vault
+
+ENTRYPOINT /bin/vault server -config /vault/config
+
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..4dfc054
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,20 @@
+version: '3'
+
+services:
+  vault:
+    build:
+      args:
+        VAULT_REPO: ${VAULT_REPO}
+        VAULT_VERSION: ${VAULT_VERSION}
+      context: ./
+    container_name: vault
+    image: vault:local
+    logging:
+      driver: journald
+      options:
+        tag: vault
+    restart: never # TODO
+    ports:
+      - ${API_IP}:${API_PORT}:8200
+      - ${CLUSTER_IP}:${CLUSTER_PORT}:8201
+
diff --git a/env.dist b/env.dist
new file mode 100644
index 0000000..179bcc1
--- /dev/null
+++ b/env.dist
@@ -0,0 +1,6 @@
+API_IP="127.0.0.1"
+API_PORT=8200
+CLUSTER_IP="127.0.0.1"
+CLUSTER_PORT=8201
+VAULT_VERSION=
+VAULT_REPO=https://github.com/hashicorp/vault