Formulas for working with Vault
Install the vault binary
Install and configure the vault server
To use it, just include vault.server in your top.sls, and configure it using pillars:
vault:
  version: 1.0.0
  listen_protocol: tcp
  listen_port: 8200
  listen_address: 0.0.0.0
  tls_disable: 0
  default_lease_ttl: 24h
  max_lease_ttl: 24h
  self_signed_cert:
    enabled: false
  backend: {}
  dev_mode: true
  service:
    type: systemd
With a fresh Vault server install, you have to run the approle_config state separately, after manually initialising and unsealing Vault; this cannot be avoided.
vault:
  version: 1.0.0
  listen_protocol: tcp
  listen_port: 8200
  listen_address: 0.0.0.0
  tls_disable: 1
  default_lease_ttl: 24h
  max_lease_ttl: 24h
  self_signed_cert:
    enabled: false
  backend:
    type: consul
    parameter:
      address: "127.0.0.1:8500"
      path: vault/
  telemetry:
    parameter:
      dogstatsd_addr: "localhost:8125"
  dev_mode: false
  addr: http://127.0.0.1:8200
  token: xxxx
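A pre-deployment check over the pillar keys shown above, as an added example that is not part of this formula. The function `audit_vault_pillar`, the finding names and the sample dict are constructed here, and a missing `listen_address` is assumed to mean an exposed listener.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample: the second pillar on this page, already parsed from YAML.
SAMPLE_PILLAR = {
    "vault": {
        "listen_address": "0.0.0.0",
        "listen_port": 8200,
        "tls_disable": 1,
        "dev_mode": False,
        "addr": "http://127.0.0.1:8200",
        "token": "xxxx",
    }
}

def _is_loopback(host):
    """True for localhost or a loopback IP; any other hostname counts as remote."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_vault_pillar(pillar):
    """Return sorted finding IDs (hypothetical names) for risky 'vault' pillar settings."""
    v = pillar.get("vault", {})
    findings = set()
    # Dev mode keeps storage in memory and starts unsealed with a root token.
    if v.get("dev_mode"):
        findings.add("DEV_MODE")
    # TLS switched off while listening beyond loopback: API traffic is plaintext.
    tls_off = str(v.get("tls_disable", 0)).lower() in ("1", "true")
    # Assumption: an absent listen_address is treated as exposed (conservative).
    if tls_off and not _is_loopback(str(v.get("listen_address", "0.0.0.0"))):
        findings.add("PLAINTEXT_LISTENER_EXPOSED")
    # Client address over http:// to a non-loopback host sends the token in clear.
    addr = urlparse(str(v.get("addr", "")))
    if addr.scheme == "http" and not _is_loopback(addr.hostname or ""):
        findings.add("PLAINTEXT_CLIENT_ADDR")
    # A literal token in the pillar is readable by every minion that gets the pillar.
    if v.get("token"):
        findings.add("TOKEN_IN_PILLAR")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_vault_pillar(SAMPLE_PILLAR):
        print(finding)
```

Run against the first pillar on this page, the same check reports only the dev-mode finding.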
Testing is done with Test Kitchen for machine setup and InSpec for integration tests.
- Ruby
- Docker
gem install bundler
bundle install
bundle exec kitchen test all