cookbook 'hashicorp-vault', '= 5.2.0'
hashicorp-vault
Application cookbook for installing and configuring Vault.
cookbook 'hashicorp-vault', '= 5.2.0', :supermarket
knife supermarket install hashicorp-vault
knife supermarket download hashicorp-vault
hashicorp-vault cookbook
Install and configure Hashicorp Vault in server and agent mode.
Version 5.0.0 constitutes a major change and rewrite; please see [UPGRADING.md](./UPGRADING.md).
Maintainers
This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.
Platforms
The following platforms have been certified with integration tests
using Test Kitchen:
- Debian/Ubuntu
- RHEL/CentOS and derivatives
- Fedora and derivatives
Requirements
- Chef 14+
- ark Community Cookbook (https://supermarket.chef.io/cookbooks/ark)
Usage
It is recommended to create a project or organization specific wrapper cookbook and add the desired custom resources to the run list of a node. Depending on your environment, you may have multiple roles that use different recipes from this cookbook. Adjust any attributes as desired.
Example of a basic server configuration using Hashicorp HCL for configuration
```ruby
hashicorp_vault_install 'package' do
  action :upgrade
end

hashicorp_vault_config_global 'vault' do
  sensitive false
  telemetry(
    statsite_address: '127.0.0.1:8125',
    disable_hostname: true
  )
  notifies :restart, 'hashicorp_vault_service[vault]', :delayed
  action :create
end

hashicorp_vault_config_listener 'tcp' do
  options(
    'address' => '127.0.0.1:8200',
    'cluster_address' => '127.0.0.1:8201',
    'tls_cert_file' => '/opt/vault/tls/tls.crt',
    'tls_key_file' => '/opt/vault/tls/tls.key',
    'telemetry' => {
      'unauthenticated_metrics_access' => false,
    }
  )
  notifies :restart, 'hashicorp_vault_service[vault]', :delayed
end

hashicorp_vault_config_storage 'Test file storage' do
  type 'file'
  options(
    'path' => '/opt/vault/data'
  )
  notifies :restart, 'hashicorp_vault_service[vault]', :delayed
end

hashicorp_vault_service 'vault' do
  action %i(create enable start)
end
```
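A wrapper cookbook can lint the listener options Hash before handing it to `hashicorp_vault_config_listener`. The following is an added example, not code from this cookbook: the helper names (`truthy?`, `loopback_bind?`, `audit_listener_options`), the finding codes and the `WEAK_LISTENER` sample are assumptions made for illustration, and the checks cover only the listener keys that appear on this page.

```ruby
# Added example, not part of the cookbook: a plain-Ruby lint for the options
# Hash passed to hashicorp_vault_config_listener. Helper names are assumptions.
require 'ipaddr'

# Vault config values may arrive as booleans or as strings.
def truthy?(value)
  [true, 'true', '1', 1].include?(value)
end

# True when a "host:port" listener address binds to loopback only.
def loopback_bind?(address)
  host = address.to_s.sub(/:\d+\z/, '').delete('[]')
  return false if host.empty?
  IPAddr.new(host).loopback?
rescue ArgumentError # not an IP literal (IPAddr::Error is an ArgumentError)
  host == 'localhost'
end

# Returns a list of finding codes; an empty list means nothing was flagged.
def audit_listener_options(options)
  findings = []
  tls_off = truthy?(options['tls_disable'])
  findings << :tls_disabled if tls_off
  findings << :plaintext_non_loopback if tls_off && !loopback_bind?(options['address'])
  if !tls_off && !(options['tls_cert_file'] && options['tls_key_file'])
    findings << :missing_tls_material
  end
  if truthy?(options.dig('telemetry', 'unauthenticated_metrics_access'))
    findings << :unauthenticated_metrics
  end
  findings
end

# The listener options from the README example above.
README_LISTENER = {
  'address' => '127.0.0.1:8200',
  'cluster_address' => '127.0.0.1:8201',
  'tls_cert_file' => '/opt/vault/tls/tls.crt',
  'tls_key_file' => '/opt/vault/tls/tls.key',
  'telemetry' => { 'unauthenticated_metrics_access' => false },
}.freeze

# Constructed weak configuration for contrast (not from the page).
WEAK_LISTENER = {
  'address' => '0.0.0.0:8200',
  'tls_disable' => 'true',
  'telemetry' => { 'unauthenticated_metrics_access' => true },
}.freeze

puts "README listener: #{audit_listener_options(README_LISTENER).inspect}"
puts "weak listener:   #{audit_listener_options(WEAK_LISTENER).inspect}"
```

In a wrapper cookbook the same function could live in a library file and raise during compile when the returned list is not empty.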
External Documentation
Resources
- [hashicorp_vault_config_auto_auth](documentation/hashicorp_vault_config_auto_auth.md)
- [hashicorp_vault_config_entropy](documentation/hashicorp_vault_config_entropy.md)
- [hashicorp_vault_config_global](documentation/hashicorp_vault_config_global.md)
- [hashicorp_vault_config_listener](documentation/hashicorp_vault_config_listener.md)
- [hashicorp_vault_config_seal](documentation/hashicorp_vault_config_seal.md)
- [hashicorp_vault_config_service_registration](documentation/hashicorp_vault_config_service_registration.md)
- [hashicorp_vault_config_storage](documentation/hashicorp_vault_config_storage.md)
- [hashicorp_vault_config_template](documentation/hashicorp_vault_config_template.md)
- [hashicorp_vault_config](documentation/hashicorp_vault_config.md)
- [hashicorp_vault_install](documentation/hashicorp_vault_install.md)
- [hashicorp_vault_service](documentation/hashicorp_vault_service.md)
Contributors
This project exists thanks to all the people who contribute.
Backers
Thank you to all our backers!
Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website.
Change Log
All notable changes to this project will be documented in this file.
5.2.0 - 2021-02-09
- Support ark installation for aarch64/i386/x86_64 architectures
5.1.0 - 2021-02-08
- Added ark installation method support for Amazon Linux
5.0.2 - 2021-02-03
- Update metadata supported platforms
5.0.1 - 2021-01-20
- Update supporting files (https://github.com/sous-chefs/vault/pull/211)
5.0.0 - 2021-01-20
Breaking changes, please see [UPGRADING.md](./UPGRADING.md).
- Add service resource
- Add package installation to install resource
- HCL configuration support
  - Unify server and agent under common resources.
  - Add HCL server configuration resources.
  - HCL configuration file as accumulated template.
  - HCL support for agent configuration.
- JSON configuration changes
  - Remove configuration properties and consolidate configuration in a `config` Hash property to allow new configuration items to be added without requiring a cookbook change.
  - Add base default configuration similar to vault defaults
  - Set sensitive by default
4.3.0 (2020-10-19)
- Added 'unauthenticated_metrics_access' config option
4.2.0 (2020-08-11)
- Created hashicorp_vault_agent_install resource
- Created hashicorp_vault_agent_template resource
- Created hashicorp_vault_agent_config resource
- Updated hashicorp_vault_service resource to be configurable for vault agent and server
- Set vault default version to 1.4.1
4.1.0 (2020-05-14)
- resolved cookstyle error: resources/config.rb:211:66 convention: Layout/TrailingWhitespace
- resolved cookstyle error: resources/config.rb:211:67 refactor: ChefModernize/FoodcriticComments
- resolved cookstyle error: resources/config.rb:215:60 convention: Layout/TrailingWhitespace
- resolved cookstyle error: resources/config.rb:215:61 refactor: ChefModernize/FoodcriticComments
- Resource config now supports property `max_open_files` to tune LimitNOFILE in Systemd unit file. Value is 16384 by default.
v4.0.1 (2020-02-20)
- Runtime directory of 0740 on the systemd
- Telemetry configuration no longer receives the correct configuration.
v4.0.0 (2020-01-26)
- Option to specify configuration as sensitive via property
- Switched to GitHub Actions
- Rewrote all resources to be custom resources so there's no longer a dependency on poise
v3.0.2 (2019-06-11)
- Changes the function names for `config_prefix_path` and `data_path`
v3.0.1 (2019-06-01)
- added `x_forwarded_for_*` and `cluster_addr` config options
- disabled unit tests as we cannot bundle install currently
- upgrade to chef 13 minimum
- migrate to circleci 2.0 testing
- added option to set `plugin_directory`
v3.0.0 (2018-12-09)
- added options to set `seal` options, `ui`, and `disable_performance_standby`
- updated tests to test new config options
- added Circle CI tests
- removed support for Ubuntu 12.04 as it's EOL-ed
- added Ubuntu 18.04 tests
v2.5.0 (2017-03-27)
- undefined method `cluster_address' for VaultCookbook::Resource::VaultConfig #93
- Service Logging #89
- disable_cache option #84
- CentOS-- kitchen tests fail w/ sudo issue #78
- Vault archive download address should be configurable #74
- Vault 0.5.3 -> 0.6.0 is breaking. Cookbook major version should have been rev'd. #70
- Initializing and unsealing #69
- Added shasums for vault 0.6.4 and 0.6.5 #94 (onetwopunch)
- Update test configuration, fix Travis builds #92 (legal90)
- fix typo in error message #90 (chrisminton)
- add additional ssl options to vault_secret #88 (chrisminton)
- Vault 0.6.3 #87 (vijaybandari)
- Fixes foodcritic, previous fix caused all checks to be ignored #86 (madeddie)
- Add disable_cache config option #85 (madeddie)
- Add log-level support for service #82 (vijaybandari)
- Update Changelog #81 (legal90)
- Enable passwordless sudo for tests #80 (legal90)
- Add 0.6.2 support #79 (Ginja)
- Add cluster_address for listener options #77 (freimer)
- Refactor integration tests and Travis CI configuration #75 (legal90)
- Fix init script syntax for compatibility with RHEL/CentOS 5 #73 (legal90)
- Add support of Vault 0.6.1 #71 (legal90)
- Create/Delete symbolic link to /usr/local/bin #68 (dpattmann)
- Add default recipe to kitchen run_list #67 (dpattmann)
- Remove 'godep restore' for vault versions > 0.5.0 #66 (dpattmann)
v2.4.0 (2016-06-24)
- Service doesn't come back after reboot because the default service directory is missing #55
- Failing to run service as nonroot #54
- Vault 0.6.0 #65 (axtl)
- Create work dir before service starts as it does not persist across restarts #64 (willejs)
- Liberate "build-essential" version constraint #63 (legal90)
- vault_secret: Raise an exception if Vault read has failed #61 (legal90)
v2.3.0 (2016-06-09)
- What are bag_name, bag_item attributes used for? #58
- Test against newer build-essential #57
- Vault 0.5.3 update (with test fixes, build-essential update) #62 (axtl)
- Fix default value of "leases" attribute #60 (legal90)
- vault_secret: Save lease ID to the nested attribute #56 (legal90)
v2.2.0 (2016-04-19)
- Specifying 'root' removes root login shell #53
- Configure consul backend in hashicorp-vault > 1.5.x #48
- Prevent "vault" service to be restarted on update #52 (legal90)
- Use custom templates for "systemd" and "sysvinit" service providers #51 (legal90)
- Added a resource for reading secrets from Vault #49 (Ginja)
v2.1.1 (2016-03-17)
v2.1.0 (2016-03-17)
- Getting warning message in Chef run #46
- Fix binary installation for i386 architectures. #44 (johnbellone)
v2.0.0 (2016-03-04)
- etcd is not supported as backend secret storage #25
- tls_disable attribute only accepts strings #40
- Error executing action `create` on resource 'vault_config[/home/vault/.vault.json]' #39
- undefined method `delete' for nil:NilClass #34
- metadata updates #33
- No method chef_vault_item #24
- vault_config.rb doesn't writes out telemetry section properly #6
- Fixed Install Issues #42 (Ginja)
- Coerce tls_disable attribute to a string. #41 (CodeGnome)
v1.5.1 (2016-02-18)
v1.5.0 (2016-02-03)
- ['vault']['config']['manage_certificate'] = false does not end up getting set on vault_config resource #31
- Vault 0.2.0 - Does not like tls_disable entered as empty string #8
- Multiple fixes #35 (sh9189)
- Fix tls_disable with vault 0.4.0 #30 (shaneramey)
- support vault 0.4.0 #28 (shaneramey)
- Modify attributes to support vault 0.3.1 #26 (NickLaMuro)
v1.4.0 (2015-09-28)
- Fails to start vault server on CentOS 7.1 #22
- Add note into documentation about chef-vault cookbook version #21
- Spec test issue for vault_config: Chef::Provider does not implement #chef_vault_item #11
- Move test data bag item to standard location #19 (jeffbyrnes)
- Clean up spec tests & switch to using Rake #18 (jeffbyrnes)
- Pin chef-vault to specific ref #16 (jeffbyrnes)
- Update Serverspec assertions as per Rspec 3 #15 (jeffbyrnes)
- Make the TLS certificate management optional #13 (jeffbyrnes)
- Update tests for SSL cert/key to match attributes #12 (jeffbyrnes)
v1.3.1 (2015-08-13)
v1.3.0 (2015-08-13)
v1.2.1 (2015-08-07)
v1.2.0 (2015-08-04)
- Vault service fails to start #5
- Upgrading to Vault 0.2.0 #2
- fixing default attributes based on HWRP #3 (zarry)
v1.1.0 (2015-06-16)
v1.0.1 (2015-06-15)
v1.0.0 (2015-06-12)
This Change Log was automatically generated by github_changelog_generator