Skip to content

vault job from vault/1.1.3

Github source: 6d134a0 or master branch

Properties

additional_config

A place to provide file names and body content for additional configuration files that may be necessary. For example a GCP credentials file. See the README for example configuration.

tls

SSL certificate PEM or an array of SSL certificate PEM files. See the README for example configuration.

vault

addr

Address of the Vault server expressed as a URL and port. Set in the environment when monit scripts run the Vault CLI

Default
https://127.0.0.1:8200

config

HCL string literal representing the full Vault configuration, will take precedence over any other configuration properties

skip_verify

Do not verify Vault’s presented certificate before communicating with it. Set in the environment when monit scripts run the Vault CLI

Default
false

update

step_down_token

For a true zero-downtime update to an HA cluster ‘vault step-down’ must be run on each node to force failover before the update. The token the must have the capabilities [‘update’, ‘sudo’] on the ‘/sys/step-down’ path for this to work.

unseal_keys

For a true zero-downtime update to an HA cluster each node must be individually unsealed once it has restarted. It is highly advised to generate new unseal keys via ‘vault rekey’ once the update has completed.

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/vault/ directory (learn more).

  • bin/monit_debugger (from bin/monit_debugger)
  • bin/post-start (from bin/post-start)
  • bin/vault_ctl (from bin/vault_ctl)
  • config/additional_config.ttar (from config/additional_config.ttar.erb)
  • config/server.hcl (from config/vault.conf.erb)
  • data/properties.sh (from data/properties.sh.erb)
  • data/unseal_keys (from data/unseal_keys.erb)
  • helpers/ctl_setup.sh (from helpers/ctl_setup.sh)
  • helpers/ctl_utils.sh (from helpers/ctl_utils.sh)
  • tls/certs.ttar (from tls/certs.ttar)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.