Vault SDB Module
maintainer: | SaltStack |
---|---|
maturity: | New |
platform: | all |
New in version Carbon.
This module allows access to Hashicorp Vault using an sdb://
URI.
Like all sdb modules, the vault module requires a configuration profile to be configured in either the minion or master configuration file. This profile requires very little. In the example:
myvault:
driver: vault
vault.host: 127.0.0.1
vault.port: 8200
vault.scheme: http # Optional; default is https
vault.token: 012356789abcdef # Required, unless set in environment
The driver
refers to the vault
module, vault.host
refers to the host
that is hosting vault and vault.port
refers to the port on that host. A
vault token is also required. It may be set statically, as above, or as an
environment variable:
$ export VAULT_TOKEN=0123456789abcdef
Once configured you can access data using a URL such as:
password: sdb://myvault/secret/passwords?mypassword
In this URL, myvault
refers to the configuration profile,
secret/passwords
is the path where the data resides, and mypassword
is
the key of the data to return.
The above URI is analogous to running the following vault command:
$ vault read -field=mypassword secret/passwords
salt.sdb.vault.
get
(key, profile=None)¶Get a value from the vault service
salt.sdb.vault.
set
(key, value, profile=None)¶Set a key/value pair in the vault service