Skip to content

nimbolus/tf-vault

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
examples/vault-auto-unseal
examples/vault-auto-unseal
 
 
vault-consul
vault-consul
 
 
vault-transit
vault-transit
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

terraform modules for HashiCorp Vault

vault-consul

Deploys Vault server on Kubernetes and connects with existing HashiCorp Consul cluster.

vault-transit

Addition to vault-consul module which can be deployed on a second Vault cluster to auto-unseal the main cluster with Vault's transit engine.

Usage

  1. Deploy Vault 1 (e.g. with vault-consul) - do NOT enable auto-unseal yet.
  2. Forward port 8200 and initialize Vault 1: kubectl -n vault port-forward vault-0 8200
  3. Deploy and initialize Vault 2.
  4. Deploy vault-transit for Vault 1 and Vault 2.
  5. Enable auto-unseal for Vault 1 and init seal migration. You need to restart the Vault server pods.
  6. Repeat for Vault 2.

Import

If a vault-consul module instance is removed entirely the data is still available in Consul. So after redeploying these lines help to import the existing data paths.

NAME=vault
KUBERNETES_AUTH_NAME=kubernetes

terraform import module.vault_transit.vault_mount.transit $NAME-transit
terraform import module.vault_transit.vault_transit_secret_backend_key.auto_unseal $NAME-transit/keys/auto-unseal
terraform import module.vault_transit.vault_policy.vault_server $NAME-unseal
terraform import module.vault_transit.vault_auth_backend.kubernetes $KUBERNETES_AUTH_NAME
terraform import module.vault_transit.vault_kubernetes_auth_backend_config.kubernetes auth/$KUBERNETES_AUTH_NAME/config
terraform import module.vault_transit.vault_kubernetes_auth_backend_role.vault_server auth/$KUBERNETES_AUTH_NAME/role/$NAME-unseal

About

Deploy Vault clusters with Auto-Unseal

nimbolus.de/terraform-modules/tf-vault/

Topics

vault terraform terraform-module auto-unseal

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 2

v0.1.1 Latest
Jan 3, 2022
+ 1 release

Contributors 2

  •  
  •  

Languages