https://github.com/ednz-cloud/import_vault_root_ca
Ansible role to install Root CA certificates from Hashicorp Vault PKI engines, on debian-based systems. Mirror from https://git.ednz.fr/ansible-roles/import_vault_root_ca.
- Host: GitHub
- URL: https://github.com/ednz-cloud/import_vault_root_ca
- Owner: ednz-cloud
- License: mit
- Created: 2023-05-21T18:04:35.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-02-05T21:57:13.000Z (9 months ago)
- Last Synced: 2024-05-08T00:21:16.123Z (6 months ago)
- Topics: ansible, ansible-role, hashicorp, pki, tls, vault
- Homepage: https://ednz.fr
- Size: 34.2 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
import_vault_root_ca
=========
> This repository is only a mirror. Development and testing are done on a private Gitea server.

This role imports root CA certificates from Vault to the trust store on **debian-based** distributions.

Requirements
------------

None.

Role Variables
--------------

Available variables are listed below, along with default values. A sample file for the default values is available in `default/import_vault_root_ca.yml.sample` in case you need it for any `group_vars` or `host_vars` configuration.

```yaml
import_vault_root_ca_certificate_force_download: false # by default, set to false
```

This variable defines whether the role should always download the provided certificate even if it already exists. This can be useful if you want to replace an existing CA, but note that **it breaks idempotence**.

```yaml
import_vault_root_ca_certificate_list: [] # by default, set to an empty list
# each entry in the list has the following keys:
#   - url:
#     cert_name:
```

This variable defines which CA certificates to install on the machine. It has only been tested with CAs from the HashiCorp Vault PKI engine, but should work with any CA certificate that can be downloaded from a web server.

Dependencies
------------

`ednz_cloud.manage_apt_packages` to install consul-template.

Example Playbook
----------------

```yaml
# calling the role inside a playbook with either the default or group_vars/host_vars
- hosts: servers
  roles:
    - ednz_cloud.import_vault_root_ca
```

License
-------

MIT / BSD

Author Information
------------------

This role was created by Bertrand Lanson in 2023.