vault job from vault/0.4.3

Github source: 3ebca1f5 or master branch

Properties¶

vault¶

backend¶

consul¶

address¶

Address for Consul

check_timeout¶

The check interval used to send health check information to consul.

Default

5s

datacenter¶

Datacenter for Consul

max_parallel¶

The maximum number of concurrent requests to Consul.

Default

128

path¶

Path for Consul

Default

vault/

scheme¶

Scheme for Consul

tls¶

ca_certificate¶

Contents of the PEM-encoded TLS CA certificate

certificate¶

Contents of the PEM-encoded TLS server certificate

key¶

Contents of the PEM-encoded TLS server private key

min_version¶

Minimum TLS version to use

Default

tls12

skip_verify¶

Indicates whether host verification should be disabled.

Default

false

token¶

Access Token for Consul

file¶

path¶

Path for File backend

Default

/var/vcap/store/

s3¶

access_key¶

AWS access key

bucket¶

S3 bucket name

endpoint¶

AWS S3 endpoint

region¶

AWS region

Default

us-east-1

secret_key¶

AWS secret key

session_token¶

AWS session token

use_consul¶

Use Cosul for data store

Default

false

use_file¶

Use File backend

Default

false

use_inmem¶

Use In Memory backend

Default

false

use_s3¶

Use S3 backend

Default

false

disable_mlock¶

Disable mlock if you’re crazy

Default

false

ha¶

cluster_address¶

This is the address to advertise to other Vault servers in the cluster for request forwarding.

disable_clustering¶

This controls whether clustering features (currently, request forwarding) are enabled

Default

"true"

domain¶

The DNS domain name to advertise in HA configuration. If unspecified, advertise_addr will not be set.

name¶

The DNS hostname to advertise in HA configuration. The keywords (deployment) and (index) will be replaced by the configured deployment and instance index (i.e. ‘prod-vault’ and ‘3’)

Default

(deployment)-(index)

redirect_address¶

This is the address to advertise to other Vault servers in the cluster for client redirection

listener¶

cluster¶

address¶

Address to bind to for cluster server-to-server requests

Default

0.0.0.0

port¶

Port for cluster address required for server-to-server connection

Default

8201

tcp¶

address¶

Address for TCP connection

Default

0.0.0.0

port¶

Port for TCP connection

Default

8200

tls¶

certificate¶

Contents of the PEM-encoded TLS server certificate

key¶

Contents of the PEM-encoded TLS server private key

min_version¶

Minimum TLS version to use

Default

tls12

statsd_addr¶

Address for StatsD

statsite_addr¶

Address for statsite

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/vault/ directory (learn more).

• bin/monit_debugger (from bin/monit_debugger)
• bin/vault_ctl (from bin/vault_ctl)
• config/server.hcl (from config/vault.conf.erb)
• data/properties.sh (from data/properties.sh.erb)
• helpers/ctl_setup.sh (from helpers/ctl_setup.sh)
• helpers/ctl_utils.sh (from helpers/ctl_utils.sh)
• ssl/ca_certificate.pem (from ssl/ca_certificate.pem)
• ssl/certificate.pem (from ssl/certificate.pem)
• ssl/consul_certificate.pem (from ssl/consul_certificate.pem)
• ssl/consul_key.pem (from ssl/consul_key.pem)
• ssl/key.pem (from ssl/key.pem)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• vault