title | type |
---|---|
vault | docs |
Set up the HashiCorp Vault secrets manager.
- Requirements
- Default Variables
  - vault_auto_unseal
  - vault_cap_add
  - vault_cap_drop
  - vault_config_volume
  - vault_data_volume
  - vault_default_lease_ttl
  - vault_disable_clustering
  - vault_exposed_ports
  - vault_image
  - vault_log_level
  - vault_max_lease_ttl
  - vault_network
  - vault_network_ipv4_gateway
  - vault_network_ipv4_subnet
  - vault_network_ipv6_enabled
  - vault_network_ipv6_gateway
  - vault_network_ipv6_subnet
  - vault_podman_args
  - vault_ui
  - vault_unseal_keys
  - vault_url
  - vault_volumes
- Dependencies
Requirements
- Minimum Ansible version: 2.10
Default Variables
vault_auto_unseal
Default value
vault_auto_unseal: false
vault_cap_add
Default value
vault_cap_add:
- ipc_lock
vault_cap_drop
Default value
vault_cap_drop: []
vault_config_volume
Default value
vault_config_volume: vault-config
vault_data_volume
Default value
vault_data_volume: vault-data
vault_default_lease_ttl
Default value
vault_default_lease_ttl: 24h
vault_disable_clustering
Default value
vault_disable_clustering: true
vault_exposed_ports
Ports to publish outside of Docker. Vault listens on port 8200 inside the container.
Default value
vault_exposed_ports: []
vault_image
Default value
vault_image: docker.io/hashicorp/vault:latest
vault_log_level
Default value
vault_log_level: warn
vault_max_lease_ttl
Default value
vault_max_lease_ttl: 240h
vault_network
Name of the container network. If the name ends with .network, the network will be created with the specified configuration.
Otherwise, the network must already exist and the container will be attached to it.
Default value
vault_network: vault.network
vault_network_ipv4_gateway
Default value
vault_network_ipv4_gateway: _unset_
vault_network_ipv4_subnet
Default value
vault_network_ipv4_subnet: _unset_
vault_network_ipv6_enabled
Default value
vault_network_ipv6_enabled: false
vault_network_ipv6_gateway
Default value
vault_network_ipv6_gateway: _unset_
Example usage
vault_network_ipv6_gateway: fd00:0:0:2::1
vault_network_ipv6_subnet
Default value
vault_network_ipv6_subnet: _unset_
Example usage
vault_network_ipv6_subnet: fd00:0:0:2::/64
vault_podman_args
Default value
vault_podman_args:
- --pids-limit=-1
- --userns=host
- --health-cmd='["wget", "--spider", "--proxy", "off", "http://localhost:8200/{{ __vault_health_path }}"]'
- --health-interval=5s
- --health-timeout=5s
- --health-retries=6
- --health-on-failure=kill
vault_ui
Default value
vault_ui: true
vault_unseal_keys
Default value
vault_unseal_keys: []
vault_url
Default value
vault_url: http://localhost:8200
vault_volumes
Define required docker volumes.
Default value
vault_volumes:
  - name: '{{ vault_config_volume }}'
    dest: /vault/config
    opts: Z
  - name: '{{ vault_data_volume }}'
    dest: /vault/file
    opts: Z
Example usage
vault_volumes:
  - name: data
    # target location inside the container
    dest: /var/www/app/data
    type: volume
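An added example, not part of the role's own documentation: a host variables file that applies the vault_network naming rule described above and tightens two of the defaults (vault_exposed_ports and vault_image). The file name, the IPv4 values and the existing network name are constructed; the port entry format and the image tag placeholder are assumptions, not values taken from the role.

```yaml
# host_vars/vault01.yml (hypothetical file name): overrides for the role defaults.

# The name ends with ".network", so the role creates the network using the
# vault_network_* settings below.
vault_network: vault.network
vault_network_ipv4_subnet: 10.89.20.0/24     # constructed sample value
vault_network_ipv4_gateway: 10.89.20.1       # constructed sample value
vault_network_ipv6_enabled: true
vault_network_ipv6_subnet: fd00:0:0:2::/64   # value from the example usage above
vault_network_ipv6_gateway: fd00:0:0:2::1    # value from the example usage above

# Alternative: a name without the ".network" suffix attaches the container to
# a network that must already exist before the role runs.
# vault_network: backend                     # hypothetical existing network

# Publish Vault's container port 8200 on the loopback address only, so the
# plain-HTTP listener is reachable from the host itself but not from other
# machines. Assumption: entries are handed to the container runtime as
# host_ip:host_port:container_port publish specs.
vault_exposed_ports:
  - "127.0.0.1:8200:8200"

# Pin the image instead of tracking "latest", so a redeploy cannot silently
# change the Vault version. "<pinned-version>" is a placeholder; replace it
# with the tag or digest you have tested.
vault_image: "docker.io/hashicorp/vault:<pinned-version>"
```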
Dependencies
None.