vault: Install & configure a Vault server or Vault Agent
vault::config: Set the Vault config via JSON file & optionally set up a system service
vault::install: Install Vault, either from a repository or archive
vault::params: Parameters for the vault class. It sets variables according to platform.
vault::service: Manage the Vault system service, enabled by default
vault
Install & configure a Vault server or Vault Agent
include vault
class { 'vault':
  version => '1.11.1',
}
The following parameters are available in the vault class:
user
manage_user
group
manage_group
bin_dir
config_dir
config_mode
manage_config_file
purge_config_dir
download_url
download_url_base
download_extension
service_name
service_enable
service_ensure
service_provider
service_type
service_options
manage_repo
manage_service
manage_service_file
storage
manage_storage_dir
listener
ha_storage
seal
disable_cache
telemetry
default_lease_ttl
max_lease_ttl
disable_mlock
manage_file_capabilities
num_procs
install_method
package_name
package_ensure
download_dir
manage_download_dir
download_filename
version
os_type
arch
enable_ui
api_addr
extra_config
user
Data type: String
Customise the user Vault runs as. The module will also create the user unless manage_user is false.
Default value: $vault::params::user
manage_user
Data type: Boolean
Whether or not the module should create the user.
Default value: $vault::params::manage_user
group
Data type: String
Customise the group Vault runs as. The module will also create the group unless manage_group is false.
Default value: $vault::params::group
manage_group
Data type: Boolean
Whether or not the module should create the group.
Default value: $vault::params::manage_group
bin_dir
Data type: String
Directory the vault executable will be installed in.
Default value: $vault::params::bin_dir
config_dir
Data type: String
Directory the vault configuration will be kept in.
Default value: $vault::params::config_dir
config_mode
Data type: String
Mode of the configuration file (config.json). Defaults to '0750'.
Default value: $vault::params::config_mode
manage_config_file
Data type: Boolean
Whether the config_file should be managed.
Default value: $vault::params::manage_config_file
purge_config_dir
Data type: Boolean
Whether the config_dir should be purged before installing the generated config.
Default value: true
download_url
Data type: Optional[String]
Manual URL to download the vault zip distribution from.
Default value: $vault::params::download_url
download_url_base
Data type: String
HashiCorp base URL to download vault zip distribution from.
Default value: $vault::params::download_url_base
download_extension
Data type: String
The extension of the vault download.
Default value: $vault::params::download_extension
service_name
Data type: String
Customise the name of the system service.
Default value: $vault::params::service_name
service_enable
Data type: Boolean
Set the enable value for service[$service_name].
Default value: $vault::params::service_enable
service_ensure
Data type: String
Set the ensure value for service[$service_name].
Default value: $vault::params::service_ensure
service_provider
Data type: String
Customise the name of the system service provider; this also controls the init configuration files that are installed.
Default value: $vault::params::service_provider
service_type
Data type: String
Choose between server or agent for which mode you want the Vault binary to run as.
Default value: $vault::params::service_type
service_options
Data type: Optional[String]
Additional arguments or options, passed directly to the command run by the service.
Default value: $vault::params::service_options
manage_repo
Data type: Boolean
Configure the upstream HashiCorp repository. Only relevant when $vault::install_method = 'repo'.
Default value: $vault::params::manage_repo
manage_service
Data type: Boolean
Whether or not Puppet should manage the service.
Default value: $vault::params::manage_service
manage_service_file
Data type: Optional[Boolean]
Whether to override the per-install-method management of the service file.
Default value: $vault::params::manage_service_file
storage
Data type: Hash
Hash representation of the storage Vault config stanza.
Default value: $vault::params::storage
manage_storage_dir
Data type: Boolean
Whether or not the directory for storing data is managed by this module. If manage_storage_dir is true and a file or raft storage backend is configured, the module creates the directory configured in that backend.
Default value: $vault::params::manage_storage_dir
listener
Data type: Variant[Hash, Array[Hash]]
Hash representation of the listener Vault config stanza.
Default value: $vault::params::listener
ha_storage
Data type: Optional[Hash]
Hash representation of the ha_storage Vault config stanza.
Default value: $vault::params::ha_storage
seal
Data type: Optional[Hash]
Hash representation of the seal Vault config stanza.
Default value: $vault::params::seal
disable_cache
Data type: Optional[Boolean]
Sets the disable_cache Vault config value.
Default value: $vault::params::disable_cache
telemetry
Data type: Optional[Hash]
Hash representation of the telemetry Vault config.
Default value: $vault::params::telemetry
default_lease_ttl
Data type: Optional[String]
Sets the default_lease_ttl Vault config value.
Default value: $vault::params::default_lease_ttl
max_lease_ttl
Data type: Optional[String]
Sets the max_lease_ttl Vault config value.
Default value: $vault::params::max_lease_ttl
disable_mlock
Data type: Optional[Boolean]
Sets the disable_mlock Vault config value.
Default value: $vault::params::disable_mlock
manage_file_capabilities
Data type: Optional[Boolean]
Tightly coupled to $disable_mlock; see vault::install for details.
Default value: $vault::params::manage_file_capabilities
num_procs
Data type: Integer
Sets the GOMAXPROCS environment variable, to determine how many CPUs Vault can use. The official Vault Terraform install.sh script sets this to the output of nproc, with the comment, "Make sure to use all our CPUs, because Vault can block a scheduler thread". Default: number of CPUs on the system.
Default value: $vault::params::num_procs
install_method
Data type: Enum['archive', 'repo']
Can be one of archive or repo.
repo will use a HashiCorp package repository to install Vault.
archive will use a HashiCorp ZIP artifact to install Vault.
Default value: $vault::params::install_method
package_name
Data type: String
The name of the package to install if using $install_method = 'repo'.
Default value: $vault::params::package_name
package_ensure
Data type: String
Set the ensure parameter for a package install if using $install_method = 'repo'.
Default value: $vault::params::package_ensure
download_dir
Data type: String
The directory to download to when using $install_method = 'archive'.
Default value: $vault::params::download_dir
manage_download_dir
Data type: Boolean
Whether or not to create/manage the download directory when using $install_method = 'archive'.
Default value: $vault::params::manage_download_dir
download_filename
Data type: String
The name of the downloaded file when using $install_method = 'archive'.
Default value: $vault::params::download_filename
version
Data type: String
The version of Vault to install.
Default value: $vault::params::version
os_type
Data type: String
Override the $facts['kernel'] supplied OS value (e.g., 'Linux').
Default value: $vault::params::os_type
arch
Data type: String
Override the $facts['os']['architecture'] supplied architecture value.
Default value: $vault::params::arch
enable_ui
Data type: Optional[Boolean]
Whether or not to enable the Vault web UI.
Default value: $vault::params::enable_ui
api_addr
Data type: Optional[String]
Specifies the address (full URL) to advertise to other Vault servers in the cluster for client redirection. This value is also used for plugin backends. This can also be provided via the environment variable VAULT_API_ADDR. In general this should be set as a full URL that points to the value of the listener address.
Default value: undef
extra_config
Data type: Hash
Hash representation of any additional Vault configuration not already represented.
Default value: {}
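A fuller declaration showing how the stanza parameters above (storage, listener, extra_config) take Puppet hashes keyed by stanza type. This is an added example, not taken from the module's own documentation; the hostname, directories and certificate paths are placeholders, the stanza keys are standard Vault configuration options, and extra_config keys are assumed to land at the top level of the generated config.

```puppet
# Added example: a single Vault server with a TLS listener and file storage.
# All hostnames and paths below are placeholders chosen for illustration.
class { 'vault':
  version            => '1.11.1',
  install_method     => 'archive',
  service_type       => 'server',
  # Remove world access from the generated config.json.
  config_mode        => '0640',
  # storage: outer key is the backend type, inner hash holds its options.
  storage            => {
    'file' => {
      'path' => '/var/lib/vault',
    },
  },
  # Let the module create the 'path' directory of the file backend.
  manage_storage_dir => true,
  # listener: same shape; pass an Array of such hashes for several listeners.
  listener           => {
    'tcp' => {
      'address'         => '0.0.0.0:8200',
      'tls_cert_file'   => '/etc/vault/tls/vault.crt',
      'tls_key_file'    => '/etc/vault/tls/vault.key',
      'tls_min_version' => 'tls12',
    },
  },
  # Full URL clients are redirected to; it should match the listener address.
  api_addr           => 'https://vault.example.com:8200',
  # Keep mlock enabled so Vault's memory is not swapped to disk.
  disable_mlock      => false,
  # Bound how long issued tokens and secrets stay valid.
  default_lease_ttl  => '1h',
  max_lease_ttl      => '24h',
  # Do not serve the web UI on this node.
  enable_ui          => false,
  # Vault settings that have no dedicated class parameter.
  extra_config       => {
    'log_level' => 'info',
  },
}
```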
vault::config
Set the Vault config via JSON file & optionally set up a system service
vault::install
Install Vault, either from a repository or archive
vault::params
Parameters for the vault class. It sets variables according to platform.
vault::service
Manage the Vault system service, enabled by default