Vault SDB Module
| maintainer: | SaltStack |
|---|---|
| maturity: | New |
| platform: | all |
New in version Carbon.
This module allows access to Hashicorp Vault using an sdb:// URI.
Like all sdb modules, the vault module requires a configuration profile to be configured in either the minion or master configuration file. This profile requires very little. In the example:
myvault:
driver: vault
vault.host: 127.0.0.1
vault.port: 8200
vault.scheme: http # Optional; default is https
vault.token: 012356789abcdef # Required, unless set in environment
The driver refers to the vault module, vault.host refers to the host
that is hosting vault and vault.port refers to the port on that host. A
vault token is also required. It may be set statically, as above, or as an
environment variable:
$ export VAULT_TOKEN=0123456789abcdef
Once configured you can access data using a URL such as:
password: sdb://myvault/secret/passwords?mypassword
In this URL, myvault refers to the configuration profile,
secret/passwords is the path where the data resides, and mypassword is
the key of the data to return.
The above URI is analogous to running the following vault command:
$ vault read -field=mypassword secret/passwords
salt.sdb.vault.get(key, profile=None)¶Get a value from the vault service
salt.sdb.vault.set(key, value, profile=None)¶Set a key/value pair in the vault service