vault job from vault/0.5.0

Github source: aa5a5312 or master branch

Properties¶

vault¶

disable_mlock¶

Disable mlock if you’re crazy

Default

false

ha¶

cluster_address¶

This is the address to advertise to other Vault servers in the cluster for request forwarding.

disable_clustering¶

This controls whether clustering features (currently, request forwarding) are enabled

Default

"true"

redirect_address¶

This is the address to advertise to other Vault servers in the cluster for client redirection

listener¶

cluster¶

address¶

Address to bind to for cluster server-to-server requests

Default

0.0.0.0

port¶

Port for cluster address required for server-to-server connection

Default

8201

tcp¶

address¶

Address for TCP connection

Default

0.0.0.0

port¶

Port for TCP connection

Default

8200

tls¶

certificate¶

Contents of the PEM-encoded TLS server certificate

key¶

Contents of the PEM-encoded TLS server private key

min_version¶

Minimum TLS version to use

Default

tls12

storage¶

consul¶

address¶

Address for Consul

check_timeout¶

The check interval used to send health check information to consul.

Default

5s

max_parallel¶

The maximum number of concurrent requests to Consul.

Default

128

path¶

Path for Consul

Default

vault/

tls¶

ca_certificate¶

Contents of the PEM-encoded TLS CA certificate

certificate¶

Contents of the PEM-encoded TLS server certificate

key¶

Contents of the PEM-encoded TLS server private key

min_version¶

Minimum TLS version to use

Default

tls12

skip_verify¶

Indicates whether host verification should be disabled.

Default

false

token¶

Access Token for Consul

file¶

path¶

Path for File storage

Default

/var/vcap/store/

s3¶

access_key¶

AWS access key

bucket¶

S3 bucket name

endpoint¶

AWS S3 endpoint

region¶

AWS region

Default

us-east-1

secret_key¶

AWS secret key

session_token¶

AWS session token

use_consul¶

Use Cosul for data store

Default

false

use_file¶

Use File storage

Default

false

use_inmem¶

Use In Memory storage

Default

false

use_s3¶

Use S3 storage

Default

false

telemetry¶

disable_hostname¶

Whether or not to prepend runtime telemetry with the machines hostname. This is a global option.

Default

false

statsd_addr¶

Address for StatsD

statsite_addr¶

Address for statsite

update¶

step_down_token¶

For a true zero-downtime update to an HA cluster ‘vault step-down’ must be run on each node to force failover before the update. The token the must have the capabilities [‘update’, ‘sudo’] on the ‘/sys/step-down’ path for this to work.

unseal_keys¶

For a true zero-downtime update to an HA cluster each node must be individually unsealed once it has restarted. It is highly advised to generate new unseal keys via ‘vault rekey’ once the update has completed.

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/vault/ directory (learn more).

• bin/monit_debugger (from bin/monit_debugger)
• bin/post-start (from bin/post-start)
• bin/vault_ctl (from bin/vault_ctl)
• config/server.hcl (from config/vault.conf.erb)
• data/properties.sh (from data/properties.sh.erb)
• data/unseal_keys (from data/unseal_keys.erb)
• helpers/ctl_setup.sh (from helpers/ctl_setup.sh)
• helpers/ctl_utils.sh (from helpers/ctl_utils.sh)
• ssl/certificate.pem (from ssl/certificate.pem)
• ssl/consul_ca_certificate.pem (from ssl/consul_ca_certificate.pem)
• ssl/consul_certificate.pem (from ssl/consul_certificate.pem)
• ssl/consul_key.pem (from ssl/consul_key.pem)
• ssl/key.pem (from ssl/key.pem)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• vault