puppet-vault

Puppet module to install and run Hashicorp Vault.

Currently installs v0.4.1 Linux AMD64 binary.

Support

This module is currently only tested on Ubuntu 14.04.

Usage

include vault

By default, vault requires a minimal configuration including a backend and a listener.

class { '::vault':
    config_hash => {
        'backend' => {
            'file' => {
                'path' => '/tmp',
            }
        },
            'listener' => {
                'tcp' => {
                    'address' => '127.0.0.1:8200',
                    'tls_disable' => 1,
                }
            }
    }
}

or alternatively using Hiera:

---
vault::config_hash:
    backend:
        file:
            path: /tmp
    listener:
        tcp:
            address: 127.0.0.1:8200
            tls_disable: 1

mlock

By default vault will use the mlock system call, therefore the executable will need the corresponding capability.

In production, you should only consider setting the disable_mlock option on Linux systems that only use encrypted swap or do not use swap at all.

The module will use setcap on the vault binary to enable this. If you do not wish to use mlock, modify your config_hash like:

class { '::vault':
    config_hash => {
        'disable_mlock' => true
    }
}

Name		Name	Last commit message	Last commit date
Latest commit History 42 Commits
lib/puppet/parser/functions		lib/puppet/parser/functions
manifests		manifests
spec		spec
templates		templates
tests		tests
.fixtures.yml		.fixtures.yml
.gitignore		.gitignore
.rspec		.rspec
.travis.yml		.travis.yml
CHANGELOG		CHANGELOG
CONTRIBUTORS		CONTRIBUTORS
Gemfile		Gemfile
Guardfile		Guardfile
LICENSE		LICENSE
README.md		README.md
Rakefile		Rakefile
metadata.json		metadata.json

License

atlassian/puppet-vault

Folders and files

Latest commit

History

Repository files navigation

puppet-vault

Support

Usage

mlock

About

Resources

License

Stars

Watchers

Forks

Languages