vault job from vault/1.1.4
Github source:
7d107e9
or
master branch
Properties¶
additional_config
¶
A place to provide file names and body content for additional configuration files that may be necessary. For example a GCP credentials file. See the README for example configuration.
tls
¶
SSL certificate PEM or an array of SSL certificate PEM files. See the README for example configuration.
vault
¶
addr
¶Address of the Vault server expressed as a URL and port. Set in the environment when monit scripts run the Vault CLI
- Default
https://127.0.0.1:8200
config
¶HCL string literal representing the full Vault configuration, will take precedence over any other configuration properties
skip_verify
¶Do not verify Vault’s presented certificate before communicating with it. Set in the environment when monit scripts run the Vault CLI
- Default
false
update
¶
step_down_token
¶For a true zero-downtime update to an HA cluster ‘vault step-down’ must be run on each node to force failover before the update. The token the must have the capabilities [‘update’, ‘sudo’] on the ‘/sys/step-down’ path for this to work.
unseal_keys
¶For a true zero-downtime update to an HA cluster each node must be individually unsealed once it has restarted. It is highly advised to generate new unseal keys via ‘vault rekey’ once the update has completed.
Templates¶
Templates are rendered and placed onto corresponding
instances during the deployment process. This job's templates
will be placed into /var/vcap/jobs/vault/
directory
(learn more).
bin/monit_debugger
(frombin/monit_debugger
)bin/post-start
(frombin/post-start
)bin/vault_ctl
(frombin/vault_ctl
)config/additional_config.ttar
(fromconfig/additional_config.ttar.erb
)config/server.hcl
(fromconfig/vault.conf.erb
)data/properties.sh
(fromdata/properties.sh.erb
)data/unseal_keys
(fromdata/unseal_keys.erb
)helpers/ctl_setup.sh
(fromhelpers/ctl_setup.sh
)helpers/ctl_utils.sh
(fromhelpers/ctl_utils.sh
)tls/certs.ttar
(fromtls/certs.ttar
)
Packages¶
Packages are compiled and placed onto corresponding
instances during the deployment process. Packages will be
placed into /var/vcap/packages/
directory.