vault job from vault/1.0.1

GitHub source: 1f4fcee or master branch

Properties

tls

SSL certificate PEM or an array of SSL certificate PEM files

vault

addr

Address of the Vault server expressed as a URL and port. Set in the environment when monit scripts run the Vault CLI.

Default
https://127.0.0.1:8200

config

HCL string literal representing the full Vault configuration. It takes precedence over any other configuration properties.

skip_verify

Do not verify Vault’s presented certificate before communicating with it. Set in the environment when monit scripts run the Vault CLI.

Default
false

update

step_down_token

For a true zero-downtime update to an HA cluster, ‘vault step-down’ must be run on each node to force failover before the update. The token must have the capabilities [‘update’, ‘sudo’] on the ‘/sys/step-down’ path for this to work.

unseal_keys

For a true zero-downtime update to an HA cluster, each node must be individually unsealed once it has restarted. It is highly advised to generate new unseal keys via ‘vault rekey’ once the update has completed.

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/vault/ directory.

  • bin/monit_debugger (from bin/monit_debugger)
  • bin/post-start (from bin/post-start)
  • bin/vault_ctl (from bin/vault_ctl)
  • config/server.hcl (from config/vault.conf.erb)
  • data/properties.sh (from data/properties.sh.erb)
  • data/unseal_keys (from data/unseal_keys.erb)
  • helpers/ctl_setup.sh (from helpers/ctl_setup.sh)
  • helpers/ctl_utils.sh (from helpers/ctl_utils.sh)
  • tls/certs.ttar (from tls/certs.ttar)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.