Salt Formula for setting up Hashicorp Vault
Sean Johnson cb2121fc4a fix systemd template 4 months ago
ci ci: use formula ci template 1 year ago
test/integration updates 4 months ago
vault fix systemd template 4 months ago
.gitignore Add support for tests 3 years ago
.gitlab-ci.yml freudian slip irl 2 years ago
.kitchen.yml vault agent mode support 4 months ago
.travis.yml travis: optimise .travis.yml and .kitchen.yml 2 years ago
Gemfile ci: use formula ci template 1 year ago
Gemfile.lock vault agent mode support 4 months ago
LICENSE Add license file 3 years ago
README.rst Update listener examples and make default listener bind to localhost only 2 years ago
pillar.example vault agent mode support 4 months ago

README.rst

======
Vault
======

.. image:: https://travis-ci.org/saltstack-formulas/vault-formula.svg?branch=master

Formulas for working with `Vault <http://www.vaultproject.io>`_

Available states
================

.. contents::
   :local:

``vault``
----------

Install the vault binary


``vault.server``
---------------------

Install and configure the vault server

To use it, just include *vault.server* in your *top.sls*, and configure it using pillars:

::

    vault:
      version: 0.11.2
      user: vault
      group: vault
      home_dir: /var/lib/vault
      dev_mode: true

      # Any content in the `config` section will be serialized directly
      # into /etc/vault/server.json
      config:
        log_level: INFO
        default_lease_ttl: 24h
        max_lease_ttl: 24h
        pid_file: /var/run/vault.pid
        listener:
          - tcp:
              address: "0.0.0.0:8200"
              tls_disable: true
        storage:
          file:
            path: /var/lib/vault/data

      tls:
        self_signed_cert:
          enabled: false
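
The pillar above enables ``dev_mode`` (Vault's dev server is unsealed and keeps data in memory) and serves plaintext HTTP on ``0.0.0.0``. The following pre-deployment check is an added example, not part of this formula: it flags both settings in a ``vault`` pillar dict. The function names and both sample pillars are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs: the README pillar (trimmed) and a localhost-only variant.
README_PILLAR = {"dev_mode": True, "config": {"listener": [
    {"tcp": {"address": "0.0.0.0:8200", "tls_disable": True}}]}}
LOCAL_PILLAR = {"dev_mode": False, "config": {"listener": [
    {"tcp": {"address": "127.0.0.1:8200", "tls_disable": True}}]}}


def _is_loopback(address):
    """True if a Vault listener "host:port" string binds to loopback only."""
    host = address.rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unknown hostname: assume it is reachable from the network


def _truthy(value):
    # Vault accepts booleans and strings such as "true" or "1" for tls_disable.
    return value is True or str(value).strip().lower() in ("true", "1")


def audit_vault_pillar(vault):
    """Return a list of findings for the `vault` pillar dict used by vault.server."""
    findings = []
    if _truthy(vault.get("dev_mode", False)):
        findings.append("dev_mode")
    listeners = vault.get("config", {}).get("listener", [])
    if isinstance(listeners, dict):  # tolerate a single mapping instead of a list
        listeners = [listeners]
    for entry in listeners:
        tcp = entry.get("tcp") or {}
        address = tcp.get("address", "127.0.0.1:8200")  # Vault's default tcp address
        if _truthy(tcp.get("tls_disable", False)) and not _is_loopback(address):
            findings.append("plaintext listener on " + address)
    return findings


if __name__ == "__main__":
    for name, pillar in (("README", README_PILLAR), ("local", LOCAL_PILLAR)):
        print(name, audit_vault_pillar(pillar) or "ok")
```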

Issues
======

Vault `v0.10.0 <https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#0100-april-10th-2018>`_ introduces a revamped versioned kv backend (version 2), with a breaking change in the paths used to read/write data. This backend is enabled by default when dev mode is enabled.

The Salt execution modules are not compatible with this new backend. If you intend to access Vault in dev mode using the Salt modules, it is suggested to use an older but compatible version of Vault by setting a pillar value, e.g. ``version: 0.9.6``.

Testing
=======

Testing is done with `Test Kitchen <http://kitchen.ci/>`_
for machine setup and `inspec <https://github.com/chef/inspec/>`_
for integration tests.

Requirements
------------

* Ruby
* Docker

::

    gem install bundler
    bundle install
    bundle exec kitchen test all