robertdebock.vault
Ansible Role Vault
This role helps you install Hashicorp Vault, either as a package or a binary.
Example Playbook
Here is an example playbook taken from molecule/default/converge.yml, which is tested on each push, pull request, and release.
```yaml
---
- name: Converge
  hosts: all
  become: true
  gather_facts: true
  roles:
    - role: robertdebock.vault
      vault_hardening_disable_swap: false
```
Before running the above playbook, prepare the machine using this other playbook from molecule/default/prepare.yml:
```yaml
---
- name: Prepare
  hosts: all
  become: true
  gather_facts: false
  roles:
    - role: robertdebock.bootstrap
    - role: robertdebock.core_dependencies
    - role: robertdebock.hashicorp
```
For more details, see the full explanation and example.
Role Variables
Default values for the role’s variables are found in defaults/main.yml:
```yaml
---
# defaults file for vault
vault_type: oss # Choose "oss", "ent", or "hsm" for the Vault type.
vault_version: "1.15.6" # Set the version of Vault to install.
vault_installation_method: "package" # Choose "package" or "binary".
vault_data_directory: /opt/vault # Where to store Vault data.
vault_hardening_disable_swap: true # Disable swap for security.
vault_hardening_disable_core_dumps: true # Disable core dumps for security.
vault_hardening_disable_shell_command_history: true # Disable shell command history.
vault_hardening_configure_selinux_apparmor: true # Configure SELinux/AppArmor settings.
vault_environment_settings: [] # List of environment variables for Vault.
```
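The outcome of two of these defaults, vault_hardening_disable_swap and vault_hardening_disable_core_dumps, can be checked on a converged host from the kernel's own view. The script below is an added example, not code from this role; it assumes a Linux host and a server process named vault, and its function names, FAIL/WARN wording and sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of robertdebock.vault. Parsers take a file path.

# Print active swap areas from a /proc/swaps-format file (line 1 is the header).
swap_devices() {
    awk 'NR > 1 && NF > 0 { print $1 }' "$1"
}

# Print "soft hard" core-size limits from a /proc/<pid>/limits-format file.
core_limits() {
    awk '/^Max core file size/ { print $5, $6 }' "$1"
}

# audit_hardening SWAPS LIMITS: print findings; exit status = number of FAILs.
audit_hardening() {
    fails=0
    devs=$(swap_devices "$1" | tr '\n' ' ')
    if [ -n "$devs" ]; then
        echo "FAIL swap active on: $devs"; fails=$((fails + 1))
    else
        echo "OK   no active swap"
    fi
    limits=$(core_limits "$2")
    soft=${limits%% *}; hard=${limits##* }
    if [ "$soft" != "0" ]; then
        echo "FAIL core soft limit is '${soft:-unknown}', expected 0"; fails=$((fails + 1))
    elif [ "$hard" != "0" ]; then
        echo "WARN core hard limit is '$hard': the process can raise its soft limit"
    else
        echo "OK   core dumps disabled (soft and hard limit 0)"
    fi
    return "$fails"
}

# Constructed sample data (not from a real host): swap on, core size unlimited.
demo() {
    d=$(mktemp -d)
    printf 'Filename\tType\tSize\tUsed\tPriority\n/dev/dm-1\tpartition\t8388604\t0\t-2\n' > "$d/swaps"
    printf 'Limit  Soft Limit  Hard Limit  Units\nMax core file size  unlimited  unlimited  bytes\n' > "$d/limits"
    audit_hardening "$d/swaps" "$d/limits"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# --demo uses the sample data; --live audits this host ("vault" process name assumed).
case "${1:-}" in
    --demo) demo ;;
    --live) audit_hardening /proc/swaps "/proc/$(pgrep -x vault | head -n 1)/limits" ;;
esac
```

A host converged with the example playbook above, which sets vault_hardening_disable_swap: false, may still report active swap.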
Requirements
Make sure you have the pip packages listed in requirements.txt.
Used Roles
Several roles are used to prepare the system. You can prepare your system in other ways.
Requirement |
---|
robertdebock.bootstrap |
robertdebock.core_dependencies |
robertdebock.hashicorp |
Context
This role is part of many related roles. Check out the documentation of these roles for more information.
Compatibility
This role has been tested on these container images:
container | tags |
---|---|
Amazon | Candidate |
Debian | all |
EL | 9 |
Fedora | 38, 39 |
Ubuntu | all |
Minimum Ansible version required is 2.12. Tests have been conducted for the previous version, current version, and development version.
If you find any issues, please report them on GitHub.
License
This project is under the Apache-2.0 license.
Author Information
The author of this role is robertdebock. Please consider sponsoring me.
Install Hashicorp Vault, either as a package or a binary.
ansible-galaxy install robertdebock.vault