Role to run Vault in a docker container
- Default Variables
- docker_container_vault_auto_unseal
- docker_container_vault_capabilities
- docker_container_vault_command
- docker_container_vault_env
- docker_container_vault_image
- docker_container_vault_labels
- docker_container_vault_name
- docker_container_vault_networks
- docker_container_vault_ports
- docker_container_vault_restic_enable
- docker_container_vault_restic_retention
- docker_container_vault_restic_s3_bucket_name
- docker_container_vault_restic_s3_endpoint
- docker_container_vault_restic_s3_repo
- docker_container_vault_restic_s3_repo_access_key
- docker_container_vault_restic_s3_repo_password
- docker_container_vault_restic_s3_repo_secret_key
- docker_container_vault_restic_tag
- docker_container_vault_volume_dir
- docker_container_vault_volumes
- docker_image_vault_name
- docker_image_vault_pull
- docker_network_vault_name
- Discovered Tags
- Dependencies
- License
- Author
Set to true to auto unseal
docker_container_vault_auto_unseal: false
List of docker capabilities
docker_container_vault_capabilities:
- IPC_LOCK
docker command
docker_container_vault_command: server
Dictionary of key/value pairs for docker environment variables to configure vault.
docker_container_vault_env:
  VAULT_ADDR: http://127.0.0.1:8200
  VAULT_LOCAL_CONFIG: '{"backend": {"file": {"path": "/vault/data"}}, "listener":
    {"tcp": {"address": "0.0.0.0:8200", "tls_disable": "true"}}, "default_lease_ttl":
    "168h", "max_lease_ttl": "720h", "ui": "true"}'
Repository path and tag used to create the container. If an image is not found or pull is true, the image will be pulled from the registry. If no tag is included, latest will be used.
docker_container_vault_image: '{{ docker_image_vault_name }}'
Dictionary of key value pairs for container labels.
Example:
docker_container_vault_labels:
  traefik.enable: "true"
docker_container_vault_labels: {}
Name for the container
docker_container_vault_name: vault
List of networks the container belongs to.
docker_container_vault_networks:
- name: '{{ docker_network_vault_name }}'
List of ports to publish from the container to the host.
docker_container_vault_ports:
- 8200:8200
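The defaults above serve the Vault API and UI over plain HTTP (`"tls_disable": "true"`) on a listener bound to `0.0.0.0:8200`, and publish that port on every host interface. A hardened override could look like the following; it is an added example, not part of the role, and it assumes the role passes these variables to the container unchanged, that the certificate files (hypothetical names) are placed under the mounted config directory, and that `<pinned-tag>` is replaced with a release you have vetted.

```yaml
# Added example: hardened overrides for this role's defaults.
# File names under /vault/config/tls/ are hypothetical; the directory is
# reachable through the role's default "config:/vault/config" volume mount.

# Role default: "vault" (no tag, so "latest" is used).
# Pin a tag so a rebuild cannot silently change the Vault version.
# <pinned-tag> is a placeholder, not a real version.
docker_image_vault_name: "vault:<pinned-tag>"

docker_container_vault_env:
  # Role default: http://127.0.0.1:8200
  # The server certificate must list 127.0.0.1 as a subject alternative
  # name, otherwise the CLI inside the container rejects the connection.
  VAULT_ADDR: https://127.0.0.1:8200
  # CA bundle the Vault CLI uses to verify the listener certificate.
  VAULT_CACERT: /vault/config/tls/ca.crt
  # Role default sets "tls_disable": "true". Here it is dropped and the
  # listener is given a certificate and key instead.
  VAULT_LOCAL_CONFIG: '{"backend": {"file": {"path": "/vault/data"}},
    "listener": {"tcp": {"address": "0.0.0.0:8200",
    "tls_cert_file": "/vault/config/tls/vault.crt",
    "tls_key_file": "/vault/config/tls/vault.key"}},
    "default_lease_ttl": "168h", "max_lease_ttl": "720h", "ui": "true"}'

# Role default: 8200:8200 (published on all host interfaces).
# Bind the published port to loopback only; use an empty list instead
# if clients reach Vault solely over the docker network.
docker_container_vault_ports:
  - 127.0.0.1:8200:8200
```

The listener keeps `0.0.0.0` inside the container so that other containers on `docker_network_vault_name` can still connect; exposure to the host network is controlled by the published port.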
Enable restic backup for the container's mounted volumes.
docker_container_vault_restic_enable: false
Retention settings for restic forget after the restic backup.
docker_container_vault_restic_retention:
  keep_last: 1
  keep_daily: 7
  keep_weekly: 4
Minio S3 bucket name for restic backup storage.
docker_container_vault_restic_s3_bucket_name: restic-{{ docker_container_vault_name }}
Minio S3 endpoint for restic backup storage.
Example:
docker_container__base__restic_s3_endpoint: "https://minio.{{ dns_domain }}"
docker_container_vault_restic_s3_endpoint: "{{ docker_container__base__restic_s3_endpoint }}"
docker_container_vault_restic_s3_endpoint: '{{ docker_container__base__restic_s3_endpoint }}'
Minio S3 repo URL for restic backup storage.
docker_container_vault_restic_s3_repo: s3:{{ docker_container_vault_restic_s3_endpoint }}/{{ docker_container_vault_restic_s3_bucket_name }}
Minio S3 repo access key for restic backup storage.
docker_container_vault_restic_s3_repo_access_key: '{{ docker_container__base__restic_s3_repo_access_key }}'
Minio S3 repo password for restic backup storage.
docker_container_vault_restic_s3_repo_password: '{{ docker_container__base__restic_s3_repo_password }}'
Minio S3 repo secret key for restic backup storage.
docker_container_vault_restic_s3_repo_secret_key: '{{ docker_container__base__restic_s3_repo_secret_key }}'
Tag for the restic backup command.
docker_container_vault_restic_tag: '{{ docker_container_vault_name }}'
Volume mount host directory, where Traefik config files are stored.
docker_container_vault_volume_dir: '{{ docker_container__base__volume_dir }}/{{ docker_container_vault_name }}'
List of volumes to mount within the container.
docker_container_vault_volumes:
- '{{ docker_container_vault_volume_dir }}/config:/vault/config'
- '{{ docker_container_vault_volume_dir }}/policies:/vault/policies'
- '{{ docker_container_vault_volume_dir }}/data:/vault/data'
- '{{ docker_container_vault_volume_dir }}/logs:/vault/logs'
Repository path and tag for the container image.
docker_image_vault_name: vault
Indicate to always pull the docker image.
docker_image_vault_pull: false
Name of the docker network created for vault.
docker_network_vault_name: '{{ docker_container_vault_name }}_backend'
docker-container-backup-all
Backup all containers' volume mounts.
docker-container-backup-init-all
Run init backup task for all containers.
docker-container-backup-init-vault
Run init backup task for vault if restic is enabled.
docker-container-backup-list-all
List all containers' backups.
docker-container-backup-list-vault
List vault backups.
docker-container-backup-vault
Backup vault volume mounts.
docker-container-prereq-all
Ensure all pre-requisites are installed.
docker-container-prereq-vault
Ensure all pre-requisites for vault are installed.
docker-container-purge-all
Remove all containers and delete volume mounts.
docker-container-purge-vault
Remove vault and delete volume mounts.
docker-container-remove-all
Remove all containers.
docker-container-remove-vault
Remove vault.
docker-container-restore-all
Run restic restore for all restic enabled containers.
docker-container-restore-vault
Run restic restore for vault if restic is enabled.
docker-container-setup-all
Run setup task for all containers.
docker-container-setup-vault
Run setup task for vault.
docker-container-unseal-vault
Run unseal task for vault.
never
None.
license (GPL-2.0-or-later, MIT, etc)
andif888