Hashicorp Vault plugin for Netflix Lemur.
- Lemur 0.6.0
- Hashicorp Vault 0.6.2 and above.
- Configure the Vault PKI as Certificate Authority.
- To install the plugin, add the needed options to your lemur.conf.py file:
# Hashicorp Vault Plugin
# Basic options:
(REQUIRED) VAULT_URL = 'http://myvault.com:8200'
(REQUIRED) VAULT_PKI_URL = VAULT_URL + '/v1/pki'
# For HTTPS add the path to the certificate chain.
(OPTIONAL) VAULT_CA = '/path/ca/certificate'
# Authentication options:
(REQUIRED) VAULT_AUTH = 'TOKEN' | 'USERPASS' | 'CERT' | 'APPROLE' | 'LDAP' | 'GCP'
VAULT_AUTH_PATH = 'authentication mounting point name' # Default to be the auth name
# Token Auth
VAULT_AUTH_TOKEN = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
# LDAP/Userpass Auth
VAULT_AUTH_USERNAME = 'myvaultuser'
VAULT_AUTH_PASSWORD = 'Vault123'
# TLS Certificates Auth
VAULT_AUTH_CERT = '/tmp/crt.pem
VAULT_AUTH_CERTKEY = '/tmp/key.pem
# GCP Auth
VAULT_AUTH_ROLE = 'myvaultrole'
VAULT_AUTH_ACCOUNT = 'mygcpaccount'
# AppRole Auth
VAULT_AUTH_ROLE = 'myvaultrole'
VAULT_AUTH_SECRET = 'approle_secret_id'- Deploy and install the files.
# Install Vault Plugin
cd lemur/plugins/
git clone https://github.com/RcRonco/lemur_vault
cd lemur_vault
pip install .- Create a Certificate Authority in the lemur web interface.
- Fork it!
- Create your feature branch:
git checkout -b my-new-feature - Commit your changes:
git commit -am 'Add some feature' - Push to the branch:
git push origin my-new-feature - Submit a pull request :D