vault job from vault/1.0.0

Github source: 7b910ca or master branch

Properties¶

tls¶

SSL certificate PEM or an array of SSL certificate PEM files

vault¶

config¶

HCL string literal representing the full Vault configuration, will take precedence over any other configuration properties

update¶

step_down_token¶

For a true zero-downtime update to an HA cluster ‘vault step-down’ must be run on each node to force failover before the update. The token the must have the capabilities [‘update’, ‘sudo’] on the ‘/sys/step-down’ path for this to work.

unseal_keys¶

For a true zero-downtime update to an HA cluster each node must be individually unsealed once it has restarted. It is highly advised to generate new unseal keys via ‘vault rekey’ once the update has completed.

Templates¶

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/vault/ directory (learn more).

• bin/monit_debugger (from bin/monit_debugger)
• bin/post-start (from bin/post-start)
• bin/vault_ctl (from bin/vault_ctl)
• config/server.hcl (from config/vault.conf.erb)
• data/properties.sh (from data/properties.sh.erb)
• data/unseal_keys (from data/unseal_keys.erb)
• helpers/ctl_setup.sh (from helpers/ctl_setup.sh)
• helpers/ctl_utils.sh (from helpers/ctl_utils.sh)
• tls/certs.ttar (from tls/certs.ttar)

Packages¶

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.

• ttar
• vault