scs/system-config
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
system-config/playbooks/roles/hashivault
History
Artem Goncharov 65e4c10460 series of updates
2023-06-28 11:43:37 +02:00
..
defaults
series of updates
2023-06-28 11:43:37 +02:00
handlers
series of updates
2023-06-28 11:43:37 +02:00
tasks
series of updates
2023-06-28 11:43:37 +02:00
templates
series of updates
2023-06-28 11:43:37 +02:00
vars
Initial data
2023-03-29 13:35:19 +02:00
README.rst
series of updates
2023-06-28 11:43:37 +02:00

README.rst

HashiCorp Vault

Install HashiCorp Vault:

  • register hashicorp package registry
  • install vault
  • copy certificates (from vault_tls_cert_content and vault_tls_cert_key_content vars)
  • enable and start vault systemd unit

Vars

  • inventory_hostname - server hostname used in api_addr and cluster_addr
  • vault_tls_cert_content - TLS cert content
  • vault_tls_key_content - TLS key content
  • vault_cluster_nodes - list of inventory hostnames building single cluster (retry_join)
  • vault_storage_path: "/opt/vault/data"
  • vault_plugin_path: "/etc/vault.d/plugins"
  • vault_enable_ui: false
  • vault_owner: "vault"
  • vault_group: "vault"
  • vault_tls_cert_file: "/etc/ssl/{{ inventory_hostname }}/vault/vault-fullchain.crt"
  • vault_tls_key_file: "/etc/ssl/{{ inventory_hostname }}/vault/vault.pem"
  • vault_plugins: []
  • hashicorp_gpg_key - GPG key of the HashiCorp repo