Vault Pillar Module
maintainer: | SaltStack |
---|---|
maturity: | New |
platform: | all |
New in version Carbon.
This module allows pillar data to be stored in Hashicorp Vault.
The vault module requires a configuration profile to be configured in either the minion or master configuration file. This profile requires very little. In the example:
myvault:
vault.host: 127.0.0.1
vault.port: 8200
vault.scheme: http # Optional; default is https
vault.token: 012356789abcdef # Required, unless set in environment
vault.host
refers to the host that is hosting vault and vault.port
refers to the port on that host. A vault token is also required. It may be set
statically, as above, or as an environment variable:
$ export VAULT_TOKEN=0123456789abcdef
After the profile is created, configure the external pillar system to use it. A path must also be specified so that vault knows where to look.
ext_pillar:
- vault: my_vault_config path=secret/salt
Using these configuration profiles, multiple vault sources may also be used:
ext_pillar:
- vault: my_vault_config
- vault: my_other_vault_config
salt.pillar.vault.
ext_pillar
(minion_id, pillar, conf)¶Check vault for all data