---
title: vault
type: docs
---

[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.vault)
[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.vault?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.vault)
[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg?label=license)](https://gitea.rknet.org/ansible/xoxys.vault/src/branch/main/LICENSE)

Set up the HashiCorp Vault secrets manager.

- [Requirements](#requirements)
- [Default Variables](#default-variables)
  - [vault_auto_unseal](#vault_auto_unseal)
  - [vault_cap_add](#vault_cap_add)
  - [vault_cap_drop](#vault_cap_drop)
  - [vault_config_volume](#vault_config_volume)
  - [vault_data_volume](#vault_data_volume)
  - [vault_default_lease_ttl](#vault_default_lease_ttl)
  - [vault_disable_clustering](#vault_disable_clustering)
  - [vault_exposed_ports](#vault_exposed_ports)
  - [vault_image](#vault_image)
  - [vault_log_level](#vault_log_level)
  - [vault_max_lease_ttl](#vault_max_lease_ttl)
  - [vault_network](#vault_network)
  - [vault_network_ipv4_gateway](#vault_network_ipv4_gateway)
  - [vault_network_ipv4_subnet](#vault_network_ipv4_subnet)
  - [vault_network_ipv6_enabled](#vault_network_ipv6_enabled)
  - [vault_network_ipv6_gateway](#vault_network_ipv6_gateway)
  - [vault_network_ipv6_subnet](#vault_network_ipv6_subnet)
  - [vault_podman_args](#vault_podman_args)
  - [vault_ui](#vault_ui)
  - [vault_unseal_keys](#vault_unseal_keys)
  - [vault_url](#vault_url)
  - [vault_volumes](#vault_volumes)
- [Dependencies](#dependencies)

---

## Requirements

- Minimum Ansible version: `2.10`

## Default Variables

### vault_auto_unseal

#### Default value

```YAML
vault_auto_unseal: false
```

### vault_cap_add

#### Default value

```YAML
vault_cap_add:
  - ipc_lock
```

### vault_cap_drop

#### Default value

```YAML
vault_cap_drop: []
```

### vault_config_volume

#### Default value

```YAML
vault_config_volume: vault-config
```

### vault_data_volume

#### Default value

```YAML
vault_data_volume: vault-data
```

### vault_default_lease_ttl

#### Default value

```YAML
vault_default_lease_ttl: 24h
```

### vault_disable_clustering

#### Default value

```YAML
vault_disable_clustering: true
```

### vault_exposed_ports

Ports you want to publish outside of Docker. Vault listens on port `8200` inside the container.

#### Default value

```YAML
vault_exposed_ports: []
```

### vault_image

#### Default value

```YAML
vault_image: docker.io/hashicorp/vault:latest
```

### vault_log_level

#### Default value

```YAML
vault_log_level: warn
```

### vault_max_lease_ttl

#### Default value

```YAML
vault_max_lease_ttl: 240h
```

### vault_network

Name of the container network. If the name ends with `.network`, the network will be created with the specified configuration. Otherwise, the network must already exist and the container will be attached to it.

#### Default value

```YAML
vault_network: vault.network
```

### vault_network_ipv4_gateway

#### Default value

```YAML
vault_network_ipv4_gateway: _unset_
```

### vault_network_ipv4_subnet

#### Default value

```YAML
vault_network_ipv4_subnet: _unset_
```

### vault_network_ipv6_enabled

#### Default value

```YAML
vault_network_ipv6_enabled: false
```

### vault_network_ipv6_gateway

#### Default value

```YAML
vault_network_ipv6_gateway: _unset_
```

#### Example usage

```YAML
vault_network_ipv6_gateway: fd00:0:0:2::1
```

### vault_network_ipv6_subnet

#### Default value

```YAML
vault_network_ipv6_subnet: _unset_
```

#### Example usage

```YAML
vault_network_ipv6_subnet: fd00:0:0:2::/64
```

### vault_podman_args

#### Default value

```YAML
vault_podman_args:
  - --pids-limit=-1
  - --userns=host
  - --health-cmd='["wget", "--spider", "--proxy", "off", "http://localhost:8200/{{ __vault_health_path }}"]'
  - --health-interval=5s
  - --health-timeout=5s
  - --health-retries=6
  - --health-on-failure=kill
```

### vault_ui

#### Default value

```YAML
vault_ui: true
```

### vault_unseal_keys

#### Default value

```YAML
vault_unseal_keys: []
```

### vault_url

#### Default value

```YAML
vault_url: http://localhost:8200
```

### vault_volumes

> Define required docker volumes.

#### Default value

```YAML
vault_volumes:
  - name: '{{ vault_config_volume }}'
    dest: /vault/config
    opts: Z
  - name: '{{ vault_data_volume }}'
    dest: /vault/file
    opts: Z
```

#### Example usage

```YAML
vault_volumes:
  - name: data
    # target location inside the container
    dest: /var/www/app/data
    type: volume
```

## Dependencies

None.