Puppet module to install and run HashiCorp Vault.
It currently installs the v0.4.1 Linux AMD64 binary.
This module is currently only tested on Ubuntu 14.04.
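
```puppet
include vault
```

By default, vault requires a minimal configuration including a backend and a listener. The example below stores data under /tmp, which is commonly cleared on reboot, and disables TLS on a listener bound to loopback:
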
```puppet
class { '::vault':
  config_hash => {
    'backend' => {
      'file' => {
        'path' => '/tmp',
      }
    },
    'listener' => {
      'tcp' => {
        'address' => '127.0.0.1:8200',
        'tls_disable' => 1,
      }
    }
  }
}
```

Or, alternatively, using Hiera:

```yaml
---
vault::config_hash:
  backend:
    file:
      path: /tmp
  listener:
    tcp:
      address: 127.0.0.1:8200
      tls_disable: 1
```

By default, vault uses the mlock system call, so the executable needs the corresponding capability.
The module uses setcap on the vault binary to grant it.
In production, you should only consider setting the disable_mlock option on Linux systems that only use encrypted swap or do not use swap at all.
If you do not wish to use mlock, modify your config_hash like this:

```puppet
class { '::vault':
  config_hash => {
    'disable_mlock' => true
  }
}
```
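
An added pre-flight check for the mlock guidance above (not part of this module): it reads `getcap` output for the vault binary and a `/proc/swaps`-format file, and reports whether mlock is usable or, failing that, whether swap is active. The function names and the sample binary path are assumptions; `cap_ipc_lock` is the Linux capability that permits mlock, and the script does not itself determine whether swap is encrypted.

```shell
#!/bin/sh
# Added example, not the module's code. Assumes getcap (libcap) for live use.

# Print the flag letters (e.g. "ep") attached to cap_ipc_lock in one line of
# getcap output. Handles "vault = cap_ipc_lock+ep" (older libcap) and
# "vault cap_ipc_lock=ep" (newer libcap), including comma-grouped capabilities.
ipc_lock_flags() {
    printf '%s\n' "$1" | sed -nE 's/.*cap_ipc_lock(,[a-z_]+)*[=+]([eip]+).*/\2/p'
}

# Succeed only when cap_ipc_lock is both effective (e) and permitted (p).
has_ipc_lock() {
    flags=$(ipc_lock_flags "$1")
    case "$flags" in *e*) ;; *) return 1 ;; esac
    case "$flags" in *p*) return 0 ;; *) return 1 ;; esac
}

# List active swap devices from a /proc/swaps-format file (line 1 is a header).
active_swap() {
    awk 'NR > 1 && NF > 0 { print $1 }' "$1"
}

# Classify a host. $1 = getcap output line, $2 = /proc/swaps-format file.
mlock_posture() {
    if has_ipc_lock "$1"; then
        echo "ok: cap_ipc_lock set, mlock available"
        return 0
    fi
    swaps=$(active_swap "$2" | tr '\n' ' ')
    if [ -z "$swaps" ]; then
        echo "warn: no cap_ipc_lock; no swap active, disable_mlock is an option"
        return 0
    fi
    echo "fail: no cap_ipc_lock, swap active on: ${swaps% }; confirm it is encrypted before disable_mlock"
    return 1
}

# Constructed sample line in the older getcap format; the path is a placeholder.
mlock_posture "/usr/local/bin/vault = cap_ipc_lock+ep" /dev/null

# Live use (path to the installed binary is host-specific):
#   mlock_posture "$(getcap /path/to/vault)" /proc/swaps
```

A `fail` result means the host has swap and the binary cannot lock memory, which is the case the production guidance above says to avoid unless the swap is encrypted.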