Provide capistrano access your Hashicrop Vault server to signature certificate to ssh into server, or read access token saved in Vault.
Add this line to your application's Gemfile:
gem 'capistrano-vault'Enable SSH Plugin in Capfile
# ...
require "capistrano/vault"
# This Hook will override your ssh options to use signed key and publickey mode to ssh.
install_plugin Capistrano::Vault::SSHSetup the options to sign
set :vault_address, 'https://vault.example.com' # If not set, it will use EVN['VAULT_ADDR']
set :vault_ssh_mount_path, 'ssh-client-signer'
set :vault_ssh_role, 'deploy'Before running capistrano command, make sure you are already vault login
Make sure your are added the trusted ca in your server.
After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/elct9620/capistrano-vault.