vault-formula
Formulas for working with Vault.
Table of Contents
General notes
See the full SaltStack Formulas installation and usage instructions.
If you are interested in writing or contributing to formulas, please pay attention to the Writing Formula Section.
If you want to use this formula, please pay attention to the FORMULA file and/or git tag,
which contains the currently released version. This formula is versioned according to Semantic Versioning.
See Formula Versioning Section for more details.
Contributing to this repo
Commit message formatting is significant!!
Please see How to contribute for more details.
Available states
vault
Install the vault binary
vault.server
Install and configure the vault server
To use it, just include vault in your top.sls, and configure it using pillars:
vault:
version: 1.1.0
platform: linux_amd64
dev_mode: True
verify_download: True
config:
storage:
file:
path: /var/lib/vault/data
listener:
tcp:
address: "127.0.0.1:8200"
tls_disable: True
tls_cert_file: ""
tls_key_file: ""
default_lease_ttl: 768h
max_lease_ttl: 768h
Issues
Vault v0.10.0 introduces a revamped versioned kv backend (version 2), with a breaking change in the paths used to read/write data. This backend is enabled by default when dev mode is enabled.
The Salt execution modules are not compatible with this new backend, therefore if you intend to access Vault in dev mode using the Salt modules, it's suggested to use an outdated, but compatible version of Vault by setting a pillar value e.g. version: 0.9.6.
Testing
Linux testing is done with kitchen-salt.
Requirements
- Ruby
- Docker
gem install bundler bundle install bundle exec kitchen test all
kitchen converge
Creates the docker instance and runs the vault main states, ready for testing.
kitchen verify
Runs the inspec tests on the actual instance.
kitchen destroy
Removes the docker instance.
kitchen test
Runs all of the stages above in one go: i.e. destroy + converge + verify + destroy.
kitchen login
Gives you SSH access to the instance for manual testing.
Testing with Vagrant
Windows/FreeBSD/OpenBSD testing is done with kitchen-salt.
Requirements
- Ruby
- Virtualbox
- Vagrant
Setup
$ gem install bundler
$ bundle install --with=vagrant
$ bin/kitchen test [platform]Where [platform] is the platform name defined in kitchen.vagrant.yml,
e.g. windows-81-latest-py3.
Note
When testing using Vagrant you must set the environment variable KITCHEN_LOCAL_YAML to kitchen.vagrant.yml. For example:
$ KITCHEN_LOCAL_YAML=kitchen.vagrant.yml bin/kitchen test # Alternatively,
$ export KITCHEN_LOCAL_YAML=kitchen.vagrant.yml
$ bin/kitchen testThen run the following commands as needed.
bin/kitchen converge
Creates the Vagrant instance and runs the vault main states, ready for testing.
bin/kitchen verify
Runs the inspec tests on the actual instance.
bin/kitchen destroy
Removes the Vagrant instance.
bin/kitchen test
Runs all of the stages above in one go: i.e. destroy + converge + verify + destroy.
bin/kitchen login
Gives you RDP/SSH access to the instance for manual testing.