Summary
During the VPK deployment, Docker may throw an error indicating it cannot access the /var/virtru/cks/keys directory. This typically occurs when the bind mount path on the host does not exist or lacks proper permissions.
Error Message
docker: Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /var/virtru/cks/keys
Cause
Docker bind mounts require the host directory to exist and be accessible before the container starts. If the directory is missing, restricted, or incorrectly defined, the container will fail to initialize with a bind error.
This error typically occurs due to one or more of the following reasons:
- The directory /var/virtru/cks/keys does not exist at runtime: Docker cannot create it automatically; it must be pre-created on the host.
- File or directory permissions prevent Docker from accessing it: The Docker engine may lack sufficient read or execute access to the specified path.
- The host filesystem is mounted as read-only: In some environments, system directories like /var or /opt may be locked down for security, preventing Docker from writing or binding to them.
- The run.sh script contains Windows-style carriage returns (^M) or other formatting errors: If the script was authored or edited on a Windows system, it may break during execution on Linux.
- The container name is already in use, causing confusion if the container is re-run without being stopped and removed.
- Typos or incorrect path references in the volume mount flags (-v) within the run.sh script can cause Docker to reference directories that do not exist on the host system, resulting in a bind mount failure.
Resolution
1. Verify the directory exists
ls -l /var/virtru/cks/keys
If missing, create the directory:
mkdir -p /var/virtru/cks/keys
2. Set correct permissions
chmod 755 /var/virtru/cks/keys
chmod 644 /var/virtru/cks/keys/*
3. Check for formatting issues in run.sh
Check for invalid characters:
cat -A run.sh
If you see ^M or unexpected symbols, fix it with:
dos2unix run.sh
4. Use the Official Deployment Script
You can download the official deployment script from our documentation here:
Virtru Private Keystore – Linux Upgrade Guide
Or replace your existing run.sh script with the one below.
Check our release notes for the latest version number.
#!/bin/bash
docker run \
--name Virtru_CKS \
--interactive --tty --detach \
--env-file /var/virtru/cks/env/cks.env \
-v /var/virtru/cks/keys/:/app/keys \
-v /var/virtru/cks/ssl/:/app/ssl \
--restart unless-stopped \
-p 443:9000 \
containers.virtru.com/cks:<latestCKSVersionNumber>
5. Run the script
- Check to make sure no other containers are running or stopped, and copy the <containerID>:
docker ps -a
- Bring down the running containers:
docker stop <containerID>
docker rm <containerID>
cd /var/virtru/cks
sh run.sh
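The checks from steps 1 and 3 can be run in one pass against the -v flags actually present in run.sh, which also catches mistyped mount paths. The script below is an added example, not part of Virtru's documentation or deployment script; its function names are hypothetical, and it assumes GNU stat and host paths without spaces.

```bash
#!/bin/bash
# Added example: pre-flight check of the bind mounts declared in run.sh.
# Function names are hypothetical; assumes GNU stat and paths without spaces.

# Print the host side of every "-v host:container" flag in a run script.
mount_sources() {
    tr -d '\r' < "$1" | grep -oE -e '-v[[:space:]]+[^[:space:]:]+:' |
        sed -E 's/^-v[[:space:]]+//; s/:$//'
}

# Succeed if the script contains Windows carriage returns (shown as ^M).
has_crlf() {
    cr=$(printf '\r')
    grep -q "$cr" "$1"
}

# Check one host path as the invoking user; return 1 on a finding.
check_source() {
    if [ ! -d "$1" ]; then
        echo "MISSING   $1 (create it with mkdir -p)"; return 1
    fi
    if [ ! -r "$1" ] || [ ! -x "$1" ]; then
        echo "NO-ACCESS $1 (needs read and execute)"; return 1
    fi
    # Report the mode so the operator can review who can read the key files.
    echo "OK        $1 mode=$(stat -c '%a' "$1")"
}

# Run every check against a run script; the exit status is the finding count.
preflight() {
    local script="$1" findings=0 src
    if has_crlf "$script"; then
        echo "CRLF      $script (fix with dos2unix)"
        findings=$((findings + 1))
    fi
    for src in $(mount_sources "$script"); do
        check_source "$src" || findings=$((findings + 1))
    done
    return "$findings"
}

# Usage: bash preflight.sh /var/virtru/cks/run.sh
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Run it as the same user that launches run.sh, since the read and execute tests are evaluated for the invoking user. An exit status of 0 means every mount source exists, is accessible, and the script has no carriage returns.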
Need Help?
If the issue persists, follow the steps here: Docker Mount Error
Contact Virtru Support and include the output of:
ls -l /var/virtru/cks/keys
docker run --rm -v /var/virtru/cks/keys:/app/keys alpine ls /app/keys