Formulas for working with Vault.

See the full SaltStack Formulas installation and usage instructions.

If you are interested in writing or contributing to formulas, please pay attention to the Writing Formula Section.

If you want to use this formula, please pay attention to the FORMULA file and/or git tag, which contains the currently released version. This formula is versioned according to Semantic Versioning.

See Formula Versioning Section for more details.

Commit message formatting is significant!!

Please see How to contribute for more details.

Install the vault binary

Install and configure the vault server

To use it, just include vault in your top.sls, and configure it using pillars:

vault:
  version: 1.1.0
  platform: linux_amd64
  dev_mode: True
  verify_download: True
  config:
    storage:
      file:
        path: /var/lib/vault/data
    listener:
      tcp:
        address: "127.0.0.1:8200"
        tls_disable: True
        tls_cert_file: ""
        tls_key_file: ""
    default_lease_ttl: 768h
    max_lease_ttl: 768h

Vault v0.10.0 introduces a revamped versioned kv backend (version 2), with a breaking change in the paths used to read/write data. This backend is enabled by default when dev mode is enabled.

The Salt execution modules are not compatible with this new backend, therefore if you intend to access Vault in dev mode using the Salt modules, it's suggested to use an outdated, but compatible version of Vault by setting a pillar value e.g. version: 0.9.6.

Linux testing is done with kitchen-salt.

• Ruby
• Docker

gem install bundler
bundle install
bundle exec kitchen test all

Creates the docker instance and runs the vault main states, ready for testing.

Runs the inspec tests on the actual instance.

Removes the docker instance.

Runs all of the stages above in one go: i.e. destroy + converge + verify + destroy.

Gives you SSH access to the instance for manual testing.

Windows/FreeBSD/OpenBSD testing is done with kitchen-salt.

• Ruby
• Virtualbox
• Vagrant

$ gem install bundler
$ bundle install --with=vagrant
$ bin/kitchen test [platform]

Where [platform] is the platform name defined in kitchen.vagrant.yml, e.g. windows-81-latest-py3.

When testing using Vagrant you must set the environment variable KITCHEN_LOCAL_YAML to kitchen.vagrant.yml. For example:

$ KITCHEN_LOCAL_YAML=kitchen.vagrant.yml bin/kitchen test      # Alternatively,
$ export KITCHEN_LOCAL_YAML=kitchen.vagrant.yml
$ bin/kitchen test

Then run the following commands as needed.

Creates the Vagrant instance and runs the vault main states, ready for testing.

Runs the inspec tests on the actual instance.

Removes the Vagrant instance.

Runs all of the stages above in one go: i.e. destroy + converge + verify + destroy.

Gives you RDP/SSH access to the instance for manual testing.