Role to run Vault in a docker container

• Default Variables
  • docker_container_vault_auto_unseal
  • docker_container_vault_capabilities
  • docker_container_vault_command
  • docker_container_vault_env
  • docker_container_vault_image
  • docker_container_vault_labels
  • docker_container_vault_name
  • docker_container_vault_networks
  • docker_container_vault_ports
  • docker_container_vault_restic_enable
  • docker_container_vault_restic_retention
  • docker_container_vault_restic_s3_bucket_name
  • docker_container_vault_restic_s3_endpoint
  • docker_container_vault_restic_s3_repo
  • docker_container_vault_restic_s3_repo_access_key
  • docker_container_vault_restic_s3_repo_password
  • docker_container_vault_restic_s3_repo_secret_key
  • docker_container_vault_restic_tag
  • docker_container_vault_volume_dir
  • docker_container_vault_volumes
  • docker_image_vault_name
  • docker_image_vault_pull
  • docker_network_vault_name
• Discovered Tags
• Dependencies
• License
• Author

Set to true to auto unseal

docker_container_vault_auto_unseal: false

List of docker capabilities

docker_container_vault_capabilities:
  - IPC_LOCK

docker command

docker_container_vault_command: server

Dictionery of key,value pairs for docker environment variables to configure vault.

docker_container_vault_env:
  VAULT_ADDR: http://127.0.0.1:8200
  VAULT_LOCAL_CONFIG: '{"backend": {"file": {"path": "/vault/data"}}, "listener":
    {"tcp": {"address": "0.0.0.0:8200", "tls_disable": "true"}}, "default_lease_ttl":
    "168h", "max_lease_ttl": "720h", "ui": "true"}'

Repository path and tag used to create the container. If an image is not found or pull is true, the image will be pulled from the registry. If no tag is included, latest will be used.

docker_container_vault_image: '{{ docker_image_vault_name }}'

Dictionary of key value pairs for container labels.

Example:

docker_container_vault_labels:

traefik.enable: "true"

docker_container_vault_labels: {}

Name for the container

docker_container_vault_name: vault

List of networks the container belongs to.

docker_container_vault_networks:
  - name: '{{ docker_network_vault_name }}'

List of ports to publish from the container to the host.

docker_container_vault_ports:
  - 8200:8200

Enable restic backup for the container's mounted volumes.

docker_container_vault_restic_enable: false

Retention settions for restic forget after the restic backup.

docker_container_vault_restic_retention:
  keep_last: 1
  keep_daily: 7
  keep_weekly: 4

Minio S3 bucket name for restic backup storage.

docker_container_vault_restic_s3_bucket_name: restic-{{ docker_container_vault_name
  }}

Minio S3 endpoint for restic backup storage.

Example:

docker_container__base__restic_s3_endpoint: "https://minio.{{ dns_domain }}"

docker_container_vault_restic_s3_endpoint: "{{ docker_container__base__restic_s3_endpoint }}"

docker_container_vault_restic_s3_endpoint: '{{ docker_container__base__restic_s3_endpoint
  }}'

Minio S3 repo URL for restic backup storage.

docker_container_vault_restic_s3_repo: s3:{{ docker_container_vault_restic_s3_endpoint
  }}/{{ docker_container_vault_restic_s3_bucket_name }}

Minio S3 repo access key for restic backup storage.

docker_container_vault_restic_s3_repo_access_key: '{{ docker_container__base__restic_s3_repo_access_key
  }}'

Minio S3 repo password for restic backup storage.

docker_container_vault_restic_s3_repo_password: '{{ docker_container__base__restic_s3_repo_password
  }}'

Minio S3 repo secret key for restic backup storage.

docker_container_vault_restic_s3_repo_secret_key: '{{ docker_container__base__restic_s3_repo_secret_key
  }}'

Tag for the restic backup command

docker_container_vault_restic_tag: '{{ docker_container_vault_name }}'

Volume mount host directory, where Treafik config files are stored.

docker_container_vault_volume_dir: '{{ docker_container__base__volume_dir }}/{{ docker_container_vault_name
  }}'

List of volumes to mount within the container.

docker_container_vault_volumes:
  - '{{ docker_container_vault_volume_dir }}/config:/vault/config'
  - '{{ docker_container_vault_volume_dir }}/policies:/vault/policies'
  - '{{ docker_container_vault_volume_dir }}/data:/vault/data'
  - '{{ docker_container_vault_volume_dir }}/logs:/vault/logs'

Repository path and tag for the container image.

docker_image_vault_name: vault

Indicate to always pull the docker image.

docker_image_vault_pull: false

Name of the docker network created for vault.

docker_network_vault_name: '{{ docker_container_vault_name }}_backend'

docker-container-backup-all
 Backup all containers' volume mounts.

docker-container-backup-init-all
 Run init backup task for all container.

docker-container-backup-init-vault
 Run init backup task for vault if restic is enabled.

docker-container-backup-list-all
 List all containers' backups.

docker-container-backup-list-vault
 List vault backups.

docker-container-backup-vault
 Backup vault volume mounts.

docker-container-prereq-all
 Ensure all pre-requisites are installed

docker-container-prereq-vault
 Ensure all pre-requisites for vault are installed

docker-container-purge-all
 Remove all containers and delete volume mounts.

docker-container-purge-vault
 Remove vault and delete volume mounts.

docker-container-remove-all
 Remove all containers.

docker-container-remove-vault
 Remove vault.

docker-container-restore-all
 Run restic restore for all restic enabled containers.

docker-container-restore-vault
 Run restic restore for vault if restic is enabled.

docker-container-setup-all
 Run setup task for all containers.

docker-container-setup-vault
 Run setup task for vault.

docker-container-unseal-vault
 Run unseal task for vault.

never

None.

license (GPL-2.0-or-later, MIT, etc)

andif888