{"id":15140822,"url":"https://github.com/robertdebock/ansible-role-vault","last_synced_at":"2025-10-23T17:31:41.762Z","repository":{"id":40414269,"uuid":"288391450","full_name":"robertdebock/ansible-role-vault","owner":"robertdebock","description":"Install Hashicorp Vault, either a package or a binary.","archived":false,"fork":false,"pushed_at":"2025-01-06T12:26:26.000Z","size":236,"stargazers_count":34,"open_issues_count":0,"forks_count":13,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-02-07T04:11:35.564Z","etag":null,"topics":["ansible","hashicorp","molecule","playbook","security","tox","vault"],"latest_commit_sha":null,"homepage":"https://robertdebock.nl/","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/robertdebock.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"robertdebock"}},"created_at":"2020-08-18T07:54:16.000Z","updated_at":"2025-01-06T10:00:47.000Z","dependencies_parsed_at":"2023-02-17T22:31:12.069Z","dependency_job_id":"d4349500-0150-434b-893b-185356f16459","html_url":"https://github.com/robertdebock/ansible-role-vault","commit_stats":null,"previous_names":[],"tags_count":58,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertdebock%2Fansible-role-vault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertdebock%2Fansible-role-vault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertdebock%2Fansible-role-vault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robertdebock%2Fansible-role-vault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/robertdebock","download_url":"https://codeload.github.com/robertdebock/ansible-role-vault/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":237869073,"owners_count":19379261,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","hashicorp","molecule","playbook","security","tox","vault"],"created_at":"2024-09-26T08:41:34.310Z","updated_at":"2025-10-23T17:31:41.757Z","avatar_url":"https://github.com/robertdebock.png","language":"HCL","funding_links":["https://github.com/sponsors/robertdebock"],"categories":[],"sub_categories":[],"readme":"# [Ansible role vault](#ansible-role-vault)\n\nInstall Hashicorp Vault, either a package or a binary.\n\n|GitHub|GitLab|Downloads|Version|\n|------|------|---------|-------|\n|[![github](https://github.com/robertdebock/ansible-role-vault/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-vault/actions)|[![gitlab](https://gitlab.com/robertdebock-iac/ansible-role-vault/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-vault)|[![downloads](https://img.shields.io/ansible/role/d/robertdebock/vault)](https://galaxy.ansible.com/robertdebock/vault)|[![Version](https://img.shields.io/github/release/robertdebock/ansible-role-vault.svg)](https://github.com/robertdebock/ansible-role-vault/releases/)|\n\n## [Example Playbook](#example-playbook)\n\nThis example is taken from [`molecule/default/converge.yml`](https://github.com/robertdebock/ansible-role-vault/blob/master/molecule/default/converge.yml) and is tested on each push, pull request and release.\n\n```yaml\n---\n- name: Converge\n  hosts: all\n  become: true\n  gather_facts: true\n\n  roles:\n    - role: robertdebock.vault\n      vault_hardening_disable_swap: false\n```\n\nThe machine needs to be prepared. In CI this is done using [`molecule/default/prepare.yml`](https://github.com/robertdebock/ansible-role-vault/blob/master/molecule/default/prepare.yml):\n\n```yaml\n---\n- name: Prepare\n  hosts: all\n  become: true\n  gather_facts: false\n\n  roles:\n    - role: robertdebock.bootstrap\n    - role: robertdebock.core_dependencies\n    - role: robertdebock.hashicorp\n```\n\nAlso see a [full explanation and example](https://robertdebock.nl/how-to-use-these-roles.html) on how to use these roles.\n\n## [Role Variables](#role-variables)\n\nThe default values for the variables are set in [`defaults/main.yml`](https://github.com/robertdebock/ansible-role-vault/blob/master/defaults/main.yml):\n\n```yaml\n---\n# defaults file for vault\n\n# Select the type of Vault to install. Either \"oss\", \"ent\" or \"hsm\".\n# `oss` means Vault Open Source/community edition.\n# `ent` means Vault Enterprise.\n# `hsm` means Vault Enterprise with HSM support.\nvault_type: oss\n\n# Set the version of the package to install.\nvault_version: \"1.20.2\"\n\n# For package installations, a \"release\" is required. The package would for example be called `vault-1.12.2-1`.\nvault_package_release: \"1\"\n\n# Select the way to intall Vault. Either \"package\" or \"binary\".\nvault_installation_method: \"package\"\n\n# When `vault_installation_method` is set to \"binary\", set the path where to (temporarily) download Vault.\nvault_download_path: \"/tmp/vault-{{ vault_version }}\"\n\n# When `vault_installation_method` is set to \"binary\", set the (base) path where to install Vault. This can be \"\" or \"/opte\" for example.\nvault_path: \"\"\n\n# When `vault_installation_method` is set to \"binary\", set the user Vault will run under. The user \"root\" is not allowed.\nvault_user: vault\n\n# When `vault_installation_method` is set to \"binary\", set the group Vault will run under. The group \"root\" is not allowed.\nvault_group: vault\n\n# When `vault_installation_method` is set to \"binary\", set the shell for the vault_user.\nvault_user_shell: /bin/false\n\n# Where to store data. That's Raft data and TLS material.\nvault_data_directory: /opt/vault\n\n# Hardening advices to disable swap.\nvault_hardening_disable_swap: true\n\n# Hardening advices to disable core dumps.\nvault_hardening_disable_core_dumps: true\n\n# Hardening advices to disable shell command history.\nvault_hardening_disable_shell_command_history: true\n\n# Hardening advices to configure SELinux / AppArmor.\nvault_hardening_configure_selinux_apparmor: true\n\n# You can place variables that Vault listens to in this list.\n# For example:\n# vault_environment_settings:\n#   - name: VAULT_API_ADDR\n#     value: \"http://127.0.0.1:8200\"\n#   - name: VAULT_CLUSTER_ADDR\n#     value: \"http://127.0.0.1:8201\"\n#   - name: HTTP_PROXY\n#     value: \"http://proxy.example.com:8080\"\n#   - name: HTTPS_PROXY\n#     value: \"https://proxy.example.com:8080\"\n#   - name: NO_PROXY\n#     value: \"*.example.com,1.2.3.4:80,1.2.3.4/8\"\nvault_environment_settings: []\n```\n\n## [Requirements](#requirements)\n\n- pip packages listed in [requirements.txt](https://github.com/robertdebock/ansible-role-vault/blob/master/requirements.txt).\n\n## [State of used roles](#state-of-used-roles)\n\nThe following roles are used to prepare a system. You can prepare your system in another way.\n\n| Requirement | GitHub | GitLab |\n|-------------|--------|--------|\n|[robertdebock.bootstrap](https://galaxy.ansible.com/robertdebock/bootstrap)|[![Build Status GitHub](https://github.com/robertdebock/ansible-role-bootstrap/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-bootstrap/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/ansible-role-bootstrap/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-bootstrap)|\n|[robertdebock.core_dependencies](https://galaxy.ansible.com/robertdebock/core_dependencies)|[![Build Status GitHub](https://github.com/robertdebock/ansible-role-core_dependencies/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-core_dependencies/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/ansible-role-core_dependencies/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-core_dependencies)|\n|[robertdebock.hashicorp](https://galaxy.ansible.com/robertdebock/hashicorp)|[![Build Status GitHub](https://github.com/robertdebock/ansible-role-hashicorp/workflows/Ansible%20Molecule/badge.svg)](https://github.com/robertdebock/ansible-role-hashicorp/actions)|[![Build Status GitLab](https://gitlab.com/robertdebock-iac/ansible-role-hashicorp/badges/master/pipeline.svg)](https://gitlab.com/robertdebock-iac/ansible-role-hashicorp)|\n\n## [Context](#context)\n\nThis role is part of many compatible roles. Have a look at [the documentation of these roles](https://robertdebock.nl/) for further information.\n\nHere is an overview of related roles:\n![dependencies](https://raw.githubusercontent.com/robertdebock/ansible-role-vault/png/requirements.png \"Dependencies\")\n\n## [Compatibility](#compatibility)\n\nThis role has been tested on these [container images](https://hub.docker.com/u/robertdebock):\n\n|container|tags|\n|---------|----|\n|[Debian](https://hub.docker.com/r/robertdebock/debian)|all|\n|[EL](https://hub.docker.com/r/robertdebock/enterpriselinux)|9|\n|[Fedora](https://hub.docker.com/r/robertdebock/fedora)|all|\n|[Ubuntu](https://hub.docker.com/r/robertdebock/ubuntu)|noble, jammy|\n\nThe minimum version of Ansible required is 2.12, tests have been done on:\n\n- The previous version.\n- The current version.\n- The development version.\n\nIf you find issues, please register them on [GitHub](https://github.com/robertdebock/ansible-role-vault/issues).\n\n## [License](#license)\n\n[Apache-2.0](https://github.com/robertdebock/ansible-role-vault/blob/master/LICENSE).\n\n## [Author Information](#author-information)\n\n[robertdebock](https://robertdebock.nl/)\n\nPlease consider [sponsoring me](https://github.com/sponsors/robertdebock).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobertdebock%2Fansible-role-vault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frobertdebock%2Fansible-role-vault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobertdebock%2Fansible-role-vault/lists"}