hashicorp-vault
Application cookbook for installing and configuring Vault.
cookbook 'hashicorp-vault', '= 6.0.3', :supermarket
knife supermarket install hashicorp-vault
knife supermarket download hashicorp-vault
hashicorp-vault cookbook
Install and configure Hashicorp Vault in server and agent mode.
Version 5.0.0 constitutes a major change and rewrite, please see [UPGRADING.md](./UPGRADING.md).
Maintainers
This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit sous-chefs.org or come chat with us on the Chef Community Slack in #sous-chefs.
Platforms
The following platforms have been certified with integration tests using Test Kitchen:
- Debian/Ubuntu
- RHEL/CentOS and derivatives
- Fedora and derivatives
Requirements
- Chef 14+
- ark Community Cookbook (https://supermarket.chef.io/cookbooks/ark)
Usage
It is recommended to create a project or organization specific wrapper cookbook and add the desired custom resources to the run list of a node. Depending on your environment, you may have multiple roles that use different recipes from this cookbook. Adjust any attributes as desired.
Example of a basic server configuration using Hashicorp HCL for configuration
```ruby
hashicorp_vault_install 'package' do
  action :upgrade
end

hashicorp_vault_config_global 'vault' do
  sensitive false
  telemetry(
    statsite_address: '127.0.0.1:8125',
    disable_hostname: true
  )

  notifies :restart, 'hashicorp_vault_service[vault]', :delayed

  action :create
end

hashicorp_vault_config_listener 'tcp' do
  options(
    'address' => '127.0.0.1:8200',
    'cluster_address' => '127.0.0.1:8201',
    'tls_cert_file' => '/opt/vault/tls/tls.crt',
    'tls_key_file' => '/opt/vault/tls/tls.key',
    'telemetry' => {
      'unauthenticated_metrics_access' => false,
    }
  )

  notifies :restart, 'hashicorp_vault_service[vault]', :delayed
end

hashicorp_vault_config_storage 'Test file storage' do
  type 'file'
  options(
    'path' => '/opt/vault/data'
  )

  notifies :restart, 'hashicorp_vault_service[vault]', :delayed
end

hashicorp_vault_service 'vault' do
  action %i(create enable start)
end
```
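A wrapper cookbook can check the listener options hash before handing it to `hashicorp_vault_config_listener`. The following is an added example, not code from this cookbook: `audit_listener` and `loopback_host?` are hypothetical helpers, `tls_disable` is Vault's own listener option (it appears in the change log below), and `WEAK_LISTENER` is a constructed sample.

```ruby
require 'ipaddr'

# Values that enable a boolean option whether written as a Ruby boolean or a string.
TRUTHY = [true, 'true', 1, '1'].freeze

# Listener options from the README example above.
README_LISTENER = {
  'address' => '127.0.0.1:8200',
  'cluster_address' => '127.0.0.1:8201',
  'tls_cert_file' => '/opt/vault/tls/tls.crt',
  'tls_key_file' => '/opt/vault/tls/tls.key',
  'telemetry' => { 'unauthenticated_metrics_access' => false },
}.freeze

# Constructed weak configuration, for contrast.
WEAK_LISTENER = {
  'address' => '0.0.0.0:8200',
  'tls_disable' => 'true',
  'telemetry' => { 'unauthenticated_metrics_access' => true },
}.freeze

def loopback_host?(address)
  host = address.to_s.sub(/:\d+\z/, '').delete('[]') # strip port and IPv6 brackets
  IPAddr.new(host).loopback?
rescue IPAddr::Error
  host == 'localhost' # hostnames other than localhost are treated as non-loopback
end

# Hypothetical helper: returns a list of findings for one listener options hash.
def audit_listener(options)
  findings = []
  address = options.fetch('address', '127.0.0.1:8200') # Vault's default bind address
  if TRUTHY.include?(options['tls_disable'])
    findings << 'tls_disable: listener serves plaintext'
    findings << "plaintext listener on non-loopback address #{address}" unless loopback_host?(address)
  else
    %w(tls_cert_file tls_key_file).each do |key|
      findings << "#{key}: not set although TLS is enabled" if options[key].to_s.empty?
    end
  end
  if TRUTHY.include?(options.fetch('telemetry', {})['unauthenticated_metrics_access'])
    findings << 'unauthenticated_metrics_access: /v1/sys/metrics readable without a token'
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  { 'README' => README_LISTENER, 'weak' => WEAK_LISTENER }.each do |name, opts|
    puts "#{name}: #{audit_listener(opts).inspect}"
  end
end
```

In a recipe, raising when `audit_listener` returns any finding stops the Chef run before a weak listener configuration is written.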
External Documentation
Resources
- [hashicorp_vault_config_auto_auth](documentation/hashicorp_vault_config_auto_auth.md)
- [hashicorp_vault_config_entropy](documentation/hashicorp_vault_config_entropy.md)
- [hashicorp_vault_config_global](documentation/hashicorp_vault_config_global.md)
- [hashicorp_vault_config_listener](documentation/hashicorp_vault_config_listener.md)
- [hashicorp_vault_config_seal](documentation/hashicorp_vault_config_seal.md)
- [hashicorp_vault_config_service_registration](documentation/hashicorp_vault_config_service_registration.md)
- [hashicorp_vault_config_storage](documentation/hashicorp_vault_config_storage.md)
- [hashicorp_vault_config_template](documentation/hashicorp_vault_config_template.md)
- [hashicorp_vault_config](documentation/hashicorp_vault_config.md)
- [hashicorp_vault_install](documentation/hashicorp_vault_install.md)
- [hashicorp_vault_service](documentation/hashicorp_vault_service.md)
Contributors
This project exists thanks to all the people who contribute.
Backers
Thank you to all our backers!
Sponsors
Support this project by becoming a sponsor. Your logo will show up here with a link to your website.
Change Log
All notable changes to this project will be documented in this file.
6.0.3 - 2021-08-30
- Standardise files with files in sous-chefs/repo-management
6.0.2 - 2021-06-18
- Un-vendor hcl-checker gem
6.0.1 - 2021-06-01
- Standardise files with files in sous-chefs/repo-management
6.0.0 - 2021-05-25
Breaking changes, please see [UPGRADING.md](./UPGRADING.md).
- Chef 16 is now required
- Resource partials now in use
- Refactor all HCL resources to use `load_current_value` and `converge_if_changed`
- Resource notifications now function as per the core resources
- Changed values are displayed and can be reported upon
- Server configuration items are written to individual files
- Agent configuration is still accumulated as per previous versions
- Refactor json configuration resource to use `load_current_value` and `converge_if_changed`
5.3.1 - 2021-05-11
5.3.0 - 2021-03-26
- Refactor service action to use standard action and allow multiple actions - @bmhughes
5.2.0 - 2021-02-09
- Support ark installation for aarch64/i386/x86_64 architectures
5.1.0 - 2021-02-08
- Added ark installation method support for Amazon Linux
5.0.2 - 2021-02-03
- Update metadata supported platforms
5.0.1 - 2021-01-20
- Update supporting files (https://github.com/sous-chefs/vault/pull/211)
5.0.0 - 2021-01-20
Breaking changes, please see [UPGRADING.md](./UPGRADING.md).
- Add service resource
- Add package installation to install resource
- HCL configuration support
  - Unify server and agent under common resources.
  - Add HCL server configuration resources.
  - HCL configuration file as accumulated template.
  - HCL support for agent configuration.
- JSON configuration changes
  - Remove configuration properties and consolidate configuration in a `config` Hash property to allow new configuration items to be added without requiring a cookbook change.
  - Add base default configuration similar to vault defaults
  - Set sensitive by default
4.3.0 (2020-10-19)
- Added 'unauthenticated_metrics_access' config option
4.2.0 (2020-08-11)
- Created hashicorp_vault_agent_install resource
- Created hashicorp_vault_agent_template resource
- Created hashicorp_vault_agent_config resource
- Updated hashicorp_vault_service resource to be configurable for vault agent and server
- Set vault default version to 1.4.1
4.1.0 (2020-05-14)
- resolved cookstyle error: resources/config.rb:211:66 convention: `Layout/TrailingWhitespace`
- resolved cookstyle error: resources/config.rb:211:67 refactor: `ChefModernize/FoodcriticComments`
- resolved cookstyle error: resources/config.rb:215:60 convention: `Layout/TrailingWhitespace`
- resolved cookstyle error: resources/config.rb:215:61 refactor: `ChefModernize/FoodcriticComments`
- Resource config now supports property `max_open_files` to tune LimitNOFILE in Systemd unit file. Value is 16384 by default.
v4.0.1 (2020-02-20)
- Runtime directory of 0740 on the systemd
- Telemetry configuration no longer receives the correct configuration.
v4.0.0 (2020-01-26)
- Option to specify configuration as sensitive via property
- Switched to GitHub Actions
- Rewrote all resources to be custom resources so there's no longer a dependency on poise
v3.0.2 (2019-06-11)
- Changes the function names for `config_prefix_path` and `data_path`
v3.0.1 (2019-06-01)
- added `x_forwarded_for_*` and `cluster_addr` config options
- disabled unit tests as we cannot bundle install currently
- upgrade to chef 13 minimum
- migrate to circleci 2.0 testing
- added option to set `plugin_directory`
v3.0.0 (2018-12-09)
- added options to set `seal` options, `ui`, and `disable_performance_standby`
- updated tests to test new config options
- added Circle CI tests
- removed support for Ubuntu 12.04 as it's EOL-ed
- added Ubuntu 18.04 tests
v2.5.0 (2017-03-27)
- undefined method `cluster_address' for VaultCookbook::Resource::VaultConfig #93
- Service Logging #89
- disable_cache option #84
- CentOS-- kitchen tests fail w/ sudo issue #78
- Vault archive download address should be configurable #74
- Vault 0.5.3 -> 0.6.0 is breaking. Cookbook major version should have been rev'd. #70
- Initializing and unsealing #69
- Added shasums for vault 0.6.4 and 0.6.5 #94 (onetwopunch)
- Update test configuration, fix Travis builds #92 (legal90)
- fix typo in error message #90 (chrisminton)
- add additional ssl options to vault_secret #88 (chrisminton)
- Vault 0.6.3 #87 (vijaybandari)
- Fixes foodcritic, previous fix caused all checks to be ignored #86 (madeddie)
- Add disable_cache config option #85 (madeddie)
- Add log-level support for service #82 (vijaybandari)
- Update Changelog #81 (legal90)
- Enable passwordless sudo for tests #80 (legal90)
- Add 0.6.2 support #79 (Ginja)
- Add cluster_address for listener options #77 (freimer)
- Refactor integration tests and Travis CI configuration #75 (legal90)
- Fix init script syntax for compatibility with RHEL/CentOS 5 #73 (legal90)
- Add support of Vault 0.6.1 #71 (legal90)
- Create/Delete symbolic link to /usr/local/bin #68 (dpattmann)
- Add default recipe to kitchen run_list #67 (dpattmann)
- Remove 'godep restore' for vault versions > 0.5.0 #66 (dpattmann)
v2.4.0 (2016-06-24)
- Service doesn't come back after reboot because the default service directory is missing #55
- Failing to run service as nonroot #54
- Vault 0.6.0 #65 (axtl)
- Create work dir before service starts as it does not persist across restarts #64 (willejs)
- Liberate "build-essential" version constraint #63 (legal90)
- vault_secret: Raise an exception if Vault read has failed #61 (legal90)
v2.3.0 (2016-06-09)
- What are bag_name, bag_item attributes used for? #58
- Test against newer build-essential #57
- Vault 0.5.3 update (with test fixes, build-essential update) #62 (axtl)
- Fix default value of "leases" attribute #60 (legal90)
- vault_secret: Save lease ID to the nested attribute #56 (legal90)
v2.2.0 (2016-04-19)
- Specifying 'root' removes root login shell #53
- Configure consul backend in hashicorp-vault > 1.5.x #48
- Prevent "vault" service to be restarted on update #52 (legal90)
- Use custom templates for "systemd" and "sysvinit" service providers #51 (legal90)
- Added a resource for reading secrets from Vault #49 (Ginja)
v2.1.1 (2016-03-17)
v2.1.0 (2016-03-17)
- Getting warning message in Chef run #46
- Fix binary installation for i386 architectures. #44 (johnbellone)
v2.0.0 (2016-03-04)
- etcd is not supported as backend secret storage #25
- tls_disable attribute only accepts strings #40
- Error executing action `create` on resource 'vault_config[/home/vault/.vault.json]' #39
- undefined method `delete' for nil:NilClass #34
- metadata updates #33
- No method chef_vault_item #24
- vault_config.rb doesn't writes out telemetry section properly #6
- Fixed Install Issues #42 (Ginja)
- Coerce tls_disable attribute to a string. #41 (CodeGnome)
v1.5.1 (2016-02-18)
v1.5.0 (2016-02-03)
- ['vault']['config']['manage_certificate'] = false does not end up getting set on vault_config resource #31
- Vault 0.2.0 - Does not like tls_disable entered as empty string #8
- Multiple fixes #35 (sh9189)
- Fix tls_disable with vault 0.4.0 #30 (shaneramey)
- support vault 0.4.0 #28 (shaneramey)
- Modify attributes to support vault 0.3.1 #26 (NickLaMuro)
v1.4.0 (2015-09-28)
- Fails to start vault server on CentOS 7.1 #22
- Add note into documentation about chef-vault cookbook version #21
- Spec test issue for vault_config: Chef::Provider does not implement #chef_vault_item #11
- Move test data bag item to standard location #19 (jeffbyrnes)
- Clean up spec tests & switch to using Rake #18 (jeffbyrnes)
- Pin chef-vault to specific ref #16 (jeffbyrnes)
- Update Serverspec assertions as per Rspec 3 #15 (jeffbyrnes)
- Make the TLS certificate management optional #13 (jeffbyrnes)
- Update tests for SSL cert/key to match attributes #12 (jeffbyrnes)
v1.3.1 (2015-08-13)
v1.3.0 (2015-08-13)
v1.2.1 (2015-08-07)
v1.2.0 (2015-08-04)
- Vault service fails to start #5
- Upgrading to Vault 0.2.0 #2
- fixing default attributes based on HWRP #3 (zarry)
v1.1.0 (2015-06-16)
v1.0.1 (2015-06-15)
v1.0.0 (2015-06-12)
This Change Log was automatically generated by github_changelog_generator
Collaborator Number Metric
6.0.3 passed this metric
Contributing File Metric
6.0.3 passed this metric
Foodcritic Metric
6.0.3 passed this metric
No Binaries Metric
6.0.3 passed this metric
Testing File Metric
6.0.3 passed this metric
Version Tag Metric
6.0.3 passed this metric