puppet-vault

Overview

This is a puppet module to install Hashicorp's vault project to keep your secrets safe. This module doesn't build the Vault packages which should be pretty easy to do using fpm.

Documentation for Vault can be found on their site. Take into consideration:

You can only define one storage backend, listener and telemetry on the config file.
Other configurations should be set up using Vault API or CLI.

Install Vault

include ::vault

Configure Vault using Hiera

This module enables you to use hiera to configure your Vault server. It also allows you to use module data.

vault::config_hash:
    backend:
        consul:
            address: '127.0.0.1:8500'
            advertise_addr: "http://%{::ipaddress_eth0}"
            path: 'vault/'
    listener:
        tcp:
            address: "%{::fqdn}:8200"
            tls_disable: 1
    telemetry:
        statsite_address: '127.0.0.1:8125'
        disable_hostname: true
    disable_mlock: true
vault::manage_user: true
vault::package_ensure: 'latest'
vault::vault_user: 'vault'
vault::restart_cmd: '/etc/init.d/vault restart'

Uninstalling Vault

Ensure the following hiera key is present so Vault can be correctly uninstalled

vault::package_ensure: absent

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
.github		.github
data		data
lib/puppet/parser/functions		lib/puppet/parser/functions
manifests		manifests
spec		spec
templates		templates
tests		tests
.fixtures.yml		.fixtures.yml
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
.rspec		.rspec
.travis.yml		.travis.yml
Gemfile		Gemfile
README.md		README.md
Rakefile		Rakefile
metadata.json		metadata.json

isabella232/puppet-vault

Folders and files

Latest commit

History

Repository files navigation

puppet-vault

Overview

Install Vault

Configure Vault using Hiera

Uninstalling Vault

See also

About

Resources

Code of conduct

Stars

Watchers

Forks

Languages