xebialabs-community/xld-hashicorp-vault-plugin

HashiCorp Vault plugin for XLDeploy

License: MIT

Overview

The HashiCorp Vault plugin is an XL Deploy plugin that fetches information for a host from a Vault server: username, password, private key file path,...

Requirements

  • XL Deploy requirements
    • XL Deploy: version 6.0.+

Installation

Place the plugin xldp file into your SERVER_HOME/plugins directory.

Usage

Define one or more vault.Server CIs under the 'Configuration' node.

All host types have extra properties that link them to a key in a vault:

  • managedByVault (default false)
  • vaultServer
  • vaultKey: an alternative key to look up in the vault; when not set, the key is secret/[ci.id]

Setup

Vault server

Start a Vault server, for example using the development mode:

vault server -dev

Using the values from the output, create a new CI of type vault.Server under the Configuration node:

The only step you need to take is to set the following
environment variables:

    export VAULT_ADDR='http://127.0.0.1:8200'

The unseal key and root token are reproduced below in case you
want to seal/unseal the Vault or play with authentication.

Unseal Key: TXDIS2qmD96+PS9ABAesExi8CPxl7AYCGC5as6mQ2MY=
Root Token: 40ce23a2-b5e2-d07f-2d34-349a47cc05bc

Add Data in the vault

vault write secret/Infrastructure/hosts/vagrant.1 username=ubuntu password=ubuntu
vault write secret/Infrastructure/hosts/vagrant.2 username=ubuntu password=ubuntu

Define Vaulted-Hosts in the Repository

This is the Deployfile.

xld {
    scope(
            forInfrastructure: 'Infrastructure/hosts'
    ) {
        infrastructure('vagrant.1', 'overthere.SshHost') {
            os = com.xebialabs.overthere.OperatingSystemFamily.UNIX
            managedByVault = true
            vaultServer = ref('Configuration/vault dev')
            address = '127.0.0.1'
            port = 2222
            username = 'vagrant'
            password = 'vagrant'
        }
        infrastructure('vagrant.2', 'overthere.SshHost') {
            os = com.xebialabs.overthere.OperatingSystemFamily.UNIX
            managedByVault = true
            vaultServer = ref('Configuration/vault dev')
            address = '127.0.0.1'
            port = 2222
            username = 'vagrant'
            password = 'vagrant'
        }
    }
    scope(
            forEnvironments: 'Environments/vault-demo'
    ) {
        environment('dev') {
            members = [
                    ref('Infrastructure/hosts/vagrant.1'),
                    ref('Infrastructure/hosts/vagrant.2')
            ]
        }
    }
}
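
A pre-flight check for the setup above, added here as an example (it is not part of the plugin): for every host with managedByVault set, it derives the key from vaultKey or secret/[ci.id] and confirms the secret exists and holds the expected fields. It assumes a KV v1 mount at secret/ (matching the `vault write secret/...` commands), a token in VAULT_TOKEN, and that username and password are the required fields; the CI dictionaries and sample vault contents are constructed.

```python
import json
import os
import urllib.error
import urllib.request

def vault_path(ci):
    """Key looked up for a CI: vaultKey if set, otherwise secret/[ci.id]."""
    return ci.get("vaultKey") or "secret/" + ci["id"]

def read_kv(path):
    """Read a KV v1 secret over Vault's HTTP API; None if the path is absent."""
    addr = os.environ.get("VAULT_ADDR", "http://127.0.0.1:8200")
    req = urllib.request.Request(addr + "/v1/" + path,
                                 headers={"X-Vault-Token": os.environ["VAULT_TOKEN"]})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return json.load(resp)["data"]
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def preflight(cis, read=read_kv, required=("username", "password")):
    """Map CI id -> problem for vault-managed hosts with a missing or incomplete secret."""
    problems = {}
    for ci in cis:
        if not ci.get("managedByVault", False):
            continue  # default is false: credentials stay on the CI
        path = vault_path(ci)
        secret = read(path)
        if secret is None:
            problems[ci["id"]] = "no secret at " + path
            continue
        missing = [f for f in required if f not in secret]
        if missing:
            problems[ci["id"]] = path + " lacks " + ", ".join(missing)
    return problems

# Constructed sample data; vagrant.2's secret is left out on purpose.
SAMPLE_VAULT = {"secret/Infrastructure/hosts/vagrant.1": {"username": "ubuntu", "password": "ubuntu"}}
SAMPLE_CIS = [
    {"id": "Infrastructure/hosts/vagrant.1", "managedByVault": True},
    {"id": "Infrastructure/hosts/vagrant.2", "managedByVault": True},
    {"id": "Infrastructure/hosts/local"},  # hypothetical host not managed by Vault
]

if __name__ == "__main__":
    print(preflight(SAMPLE_CIS, read=SAMPLE_VAULT.get))
```

Calling `preflight(cis)` without the `read` argument queries the Vault server at VAULT_ADDR instead of the sample dictionary.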

Import the application

e.g. simplefile-4.dar

Deploy it!
