saltbox-formulas
/
vault
2
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Salt Formula for setting up Hashicorp Vault
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
92 Commits
1 Branch
143 KiB
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
 ZIP  TAR.GZ
Sean Johnson cb2121fc4a fix systemd template 4 months ago
ci ci: use formula ci template 1 year ago
test/integration updates 4 months ago
vault fix systemd template 4 months ago
.gitignore Add support for tests 3 years ago
.gitlab-ci.yml freudian slip irl 2 years ago
.kitchen.yml vault agent mode support 4 months ago
.travis.yml travis: optimise .travis.yml and .kitchen.yml 2 years ago
Gemfile ci: use formula ci template 1 year ago
Gemfile.lock vault agent mode support 4 months ago
LICENSE Add license file 3 years ago
README.rst Update listener examples and make default listener bind to localhost only 2 years ago
pillar.example vault agent mode support 4 months ago

README.rst 

======
Vault
======

.. image:: https://travis-ci.org/saltstack-formulas/vault-formula.svg?branch=master

Formulas for working with `Vault <http://www.vaultproject.io>`_

Available states
================

.. contents::
    :local:

``vault``
----------

Install the vault binary


``vault.server``
---------------------

Install and configure the vault server

To use it, just include *vault.server* in your *top.sls*, and configure it using pillars:

::

  vault:
    version: 0.11.2
    user: vault
    group: vault
    home_dir: /var/lib/vault
    dev_mode: true

    # Any content in the `config` section will be serialized directly
    # into /etc/vault/server.json
    config:
      log_level: INFO
      default_lease_ttl: 24h
      max_lease_ttl: 24h
      pid_file: /var/run/vault.pid
      listener:
        - tcp:
            address: "0.0.0.0:8200"
            tls_disable: true
      storage:
        file:
          path: /var/lib/vault/data
          
    tls:
      self_signed_cert:
        enabled: false

Issues
======

Vault `v0.10.0 <https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#0100-april-10th-2018>`_ introduces a revamped versioned kv backend (version 2), with a breaking change in the paths used to read/write data. This backend is enabled by default when dev mode is enabled.

The Salt execution modules are not compatible with this new backend, therefore if you intend to access Vault in dev mode using the Salt modules, it's suggested to use an outdated, but compatible version of Vault by setting a pillar value e.g. ``version: 0.9.6``.

Testing
=======

Testing is done with `Test Kitchen <http://kitchen.ci/>`_
for machine setup and `inspec <https://github.com/chef/inspec/>`_
for integration tests.

Requirements
------------

* Ruby
* Docker

::

    gem install bundler
    bundle install
    bundle exec kitchen test all