https://github.com/hexedpackets/chef-vault
Chef cookbook for managing Vault.
- Host: GitHub
- URL: https://github.com/hexedpackets/chef-vault
- Owner: hexedpackets
- License: mit
- Created: 2015-04-28T18:42:51.000Z (about 11 years ago)
- Default Branch: master
- Last Pushed: 2016-03-02T21:16:49.000Z (over 10 years ago)
- Last Synced: 2025-04-05T08:03:10.201Z (about 1 year ago)
- Language: Ruby
- Homepage:
- Size: 11.7 KB
- Stars: 2
- Watchers: 2
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# chef-vault
Chef cookbook for managing [Vault](https://vaultproject.io).
In client mode, only the Vault binary will be installed.
In server mode, the binary will be installed, configured, and started as a server.
WARNING: The default behavior of the server is to start unconfigured. You must run `vault init` to generate the unseal keys and the initial root token.
### Requirements
#### Platforms
- Debian/Ubuntu
#### Chef
- Chef 11+
#### Cookbooks
- none
### Attributes
#### vault::default
| Key | Type | Description | Default |
| --- | --- | --- | --- |
| `[:vault][:bin_dir]` | String | Directory to install the vault binary. | `/usr/local/bin` |
| `[:vault][:version]` | String | Version of Vault to install. | `0.1.0` |
| `[:vault][:mode]` | String | Indicates whether to install just the vault binary, or also start it as a server. Valid values are "client" and "server". | `client` |
| `[:vault][:server][:config]` | String | Location of the configuration file. | `/etc/vault.hcl` |
| `[:vault][:server][:service_name]` | String | Name of the service as seen by the init system. | `vault` |
| `[:vault][:server][:init_type]` | String | Init system to run the server under. Currently only upstart is supported. | `upstart` |
| `[:vault][:server][:oom_score]` | Integer | OOM score adjustment in the init config. | `-100` |
| `[:vault][:server][:backends]` | Hash | Name of backends to enable along with their configurations. | `{ consul: { address: "demo.consul.io:80", path: "vault" } }` |
| `[:vault][:server][:listeners]` | Hash | Name of listeners to enable along with their configurations. | `{ tcp: { address: "127.0.0.1:8200", tls_cert_file: "/etc/ssl/certificate.crt", tls_key_file: "/etc/ssl/key.pem" } }` |
### Usage
#### vault::default
Just include `vault` in your node's `run_list`. This will load either `vault::client` or `vault::server` depending on the value of `node[:vault][:mode]`.
```json
{
  "name": "my_node",
  "run_list": [
    "recipe[vault]"
  ]
}
```
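The following is an added example, not part of the cookbook: a pre-converge check over the `node[:vault]` attributes listed in the table above, reporting server-mode settings that are still at the README defaults or that leave a listener without TLS files. The helper name `vault_attribute_findings`, the finding messages, and the use of a plain symbol-keyed Hash are assumptions made for illustration.

```ruby
# Added example, not part of the cookbook: lint node[:vault] before converging.
# Attribute names and the default backend address come from the README table.
DEFAULT_BACKEND_ADDRESS = 'demo.consul.io:80'
VALID_MODES = %w[client server].freeze
LOOPBACK_HOSTS = %w[127.0.0.1 localhost].freeze

# Hypothetical helper. Takes a plain Hash with symbol keys (an assumption;
# Chef node attributes also accept string keys) and returns finding strings.
def vault_attribute_findings(vault)
  mode = (vault[:mode] || 'client').to_s # "client" is the documented default
  return ["mode #{mode.inspect} is not \"client\" or \"server\""] unless VALID_MODES.include?(mode)
  return [] unless mode == 'server' # client mode only installs the binary

  findings = []
  server = vault[:server] || {}
  (server[:backends] || {}).each do |name, cfg|
    next unless cfg[:address] == DEFAULT_BACKEND_ADDRESS
    findings << "backend #{name}: address is still the cookbook default #{DEFAULT_BACKEND_ADDRESS}"
  end

  listeners = server[:listeners] || {}
  findings << 'server mode with no listeners configured' if listeners.empty?
  listeners.each do |name, cfg|
    next unless cfg[:tls_cert_file].to_s.empty? || cfg[:tls_key_file].to_s.empty?
    host = cfg[:address].to_s.split(':').first.to_s
    scope = LOOPBACK_HOSTS.include?(host) ? 'loopback' : 'non-loopback'
    findings << "listener #{name}: #{scope} address #{cfg[:address]} lacks tls_cert_file or tls_key_file"
  end
  findings
end

# Constructed sample: the README defaults with mode switched to "server".
SAMPLE_SERVER_NODE = {
  mode: 'server',
  server: {
    backends: { consul: { address: 'demo.consul.io:80', path: 'vault' } },
    listeners: { tcp: { address: '127.0.0.1:8200',
                        tls_cert_file: '/etc/ssl/certificate.crt',
                        tls_key_file: '/etc/ssl/key.pem' } }
  }
}.freeze

puts vault_attribute_findings(SAMPLE_SERVER_NODE) if __FILE__ == $PROGRAM_NAME
```

With the README defaults and only `mode` changed to `server`, the single finding is the backend address, which is the attribute to override before running `vault init`.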