{"id":15022532,"url":"https://github.com/puppetlabs/puppetlabs-vault","last_synced_at":"2025-10-19T17:30:56.210Z","repository":{"id":49109903,"uuid":"215152231","full_name":"puppetlabs/puppetlabs-vault","owner":"puppetlabs","description":"Puppet module that provides the Vault plugin for Bolt","archived":false,"fork":false,"pushed_at":"2021-06-28T17:00:03.000Z","size":36,"stargazers_count":2,"open_issues_count":1,"forks_count":7,"subscribers_count":64,"default_branch":"main","last_synced_at":"2024-09-27T21:43:04.123Z","etag":null,"topics":["module","supported"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/puppetlabs.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null}},"created_at":"2019-10-14T21:54:25.000Z","updated_at":"2022-06-23T21:21:56.000Z","dependencies_parsed_at":"2022-09-26T20:30:37.630Z","dependency_job_id":null,"html_url":"https://github.com/puppetlabs/puppetlabs-vault","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puppetlabs%2Fpuppetlabs-vault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puppetlabs%2Fpuppetlabs-vault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puppetlabs%2Fpuppetlabs-vault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/puppetlabs%2Fpuppetlabs-vault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/puppetlabs","download_url":"https://codeload.github.com/puppetlabs/puppetlabs-vault/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219869264,"owners_count":16555575,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["module","supported"],"created_at":"2024-09-24T19:58:04.941Z","updated_at":"2025-10-19T17:30:50.920Z","avatar_url":"https://github.com/puppetlabs.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"## Bolt Vault plugin\n\nThis module provides a plugin which allows config values to be set by accessing secrets from a\nKey/Value engine on a Vault server.\n\n#### Table of Contents\n\n1. [Requirements](#requirements)\n2. [Usage](#usage)\n3. [Examples](#examples)\n\n## Requirements\n\nYou will need to have a Vault server running, and a way to [authenticate](#authentication-methods) with the server\n\n## Usage\n\nThe Vault plugin supports several options:\n- `server_url`: The URL of the Vault server (optional, defaults to `ENV['VAULT_ADDR']`)\n- `auth`: The method for authorizing with the Vault server and any necessary parameters (optional, defaults to `ENV['VAULT_TOKEN']`)\n- `path`: The path to the secrets engine (required)\n- `field`: The specific secret being used (optional, defaults to a Ruby hash of all secrets at the `path`)\n- `version`: The version of the K/V engine (optional, defaults to 1)\n- `cacert`: Path to the CA certificate (optional, required if using TLS)\n\n### Authentication Methods\n\nVault requires a token to assign an identity and set of policies to a user before accessing secrets.\nThe Vault plugin offers 2 authentication methods:\n\n#### Token\n\nAuthenticate using a token. This method requires the following fields:\n\n-   `method`: The value of `method` must be `token`\n-   `token`: The token to authenticate with\n\n#### Userpass\n\nRequest a token by logging into the Vault server with a username and password. This method requires\nthe following fields:\n\n-   `method`: The value of `method` must be `userpass`\n-   `user`: The username\n-   `pass`: The password\n\n## Examples\n\nYou can add any Vault plugin field to the inventory configuration. The following example shows how\nyou would access the `private-key` secret on a KVv2 engine mounted at `secrets/bolt`:\n\n```\nversion: 2\ntargets:\n  - ...\nconfig:\n  ssh:\n    user: root\n    private-key:\n      key-data:\n        _plugin: vault\n        server_url: http://127.0.0.1:8200\n        auth:\n          method: userpass\n          user: bolt\n          pass: bolt\n        path: secrets/bolt\n        field: private-key\n        version: 2\n```\n\nYou can also set configuration in your [Bolt config file](https://puppet.com/docs/bolt/latest/configuring_bolt.html) \nunder the `plugins` field. If a field is set in both the inventory file and the config file, Bolt\nwill use the value set in the inventory file. The available fields for the config file are:\n\n-   `server_url`\n-   `cacert`\n-   `auth`\n\n```\nplugins:\n  vault:\n    server_url: https://127.0.0.1:8200\n    cacert: /path/to/ca\n    auth:\n      method: token\n      token: xxxxx-xxxxx\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpuppetlabs%2Fpuppetlabs-vault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpuppetlabs%2Fpuppetlabs-vault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpuppetlabs%2Fpuppetlabs-vault/lists"}