The HashiCorp Vault plugin is an XL Deploy plugin that fetches information for a host from a Vault server: username, password, private key file path,...
- XL Deploy requirements
  - XL Deploy: version 6.0.+
Place the plugin xldp file into your SERVER_HOME/plugins directory.
Define one or more vault.Server CIs under the 'Configuration' node.
All host types have extra properties that link them to a key in a vault:
- managedByVault (default false)
- vaultServer
- vaultKey: an alternative key to look up in the vault; if it is not set, the key is secret/[ci.id]
Start a Vault server, for example in development mode:
vault server -dev
From the output, create a new CI of type vault.Server under the 'Configuration' node.
The only step you need to take is to set the following
environment variables:
export VAULT_ADDR='http://127.0.0.1:8200'
The unseal key and root token are reproduced below in case you
want to seal/unseal the Vault or play with authentication.
Unseal Key: TXDIS2qmD96+PS9ABAesExi8CPxl7AYCGC5as6mQ2MY=
Root Token: 40ce23a2-b5e2-d07f-2d34-349a47cc05bc
vault write secret/Infrastructure/hosts/vagrant.1 username=ubuntu password=ubuntu
vault write secret/Infrastructure/hosts/vagrant.2 username=ubuntu password=ubuntu
This is the Deployfile.
xld {
  scope(
    forInfrastructure: 'Infrastructure/hosts'
  ) {
    infrastructure('vagrant.1', 'overthere.SshHost') {
      os = com.xebialabs.overthere.OperatingSystemFamily.UNIX
      managedByVault = true
      vaultServer = ref('Configuration/vault dev')
      address = '127.0.0.1'
      port = 2222
      username = 'vagrant'
      password = 'vagrant'
    }
    infrastructure('vagrant.2', 'overthere.SshHost') {
      os = com.xebialabs.overthere.OperatingSystemFamily.UNIX
      managedByVault = true
      vaultServer = ref('Configuration/vault dev')
      address = '127.0.0.1'
      port = 2222
      username = 'vagrant'
      password = 'vagrant'
    }
  }
  scope(
    forEnvironments: 'Environments/vault-demo'
  ) {
    environment('dev') {
      members = [
        ref('Infrastructure/hosts/vagrant.1'),
        ref('Infrastructure/hosts/vagrant.2')
      ]
    }
  }
}
e.g simplefile-4.dar
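The lookup rule from the property list (vaultKey if set, otherwise secret/[ci.id]) applied to the hosts above, as an added example that is not part of the plugin: it checks that every Vault-managed host has an entry at the resolved path and reports password literals still kept in the host definition. The dictionaries are constructed sample data; the hosts db.1 and legacy, the path secret/shared/db and the finding labels are hypothetical.

```python
# Constructed sample data mirroring the Deployfile hosts and the two `vault write` commands.
HOSTS = [
    {"id": "Infrastructure/hosts/vagrant.1", "managedByVault": True,
     "vaultKey": None, "username": "vagrant", "password": "vagrant"},
    {"id": "Infrastructure/hosts/vagrant.2", "managedByVault": True,
     "vaultKey": None, "username": "vagrant", "password": "vagrant"},
    # Hypothetical hosts that exercise the vaultKey override and the unmanaged case.
    {"id": "Infrastructure/hosts/db.1", "managedByVault": True,
     "vaultKey": "secret/shared/db", "username": None, "password": None},
    {"id": "Infrastructure/hosts/legacy", "managedByVault": False,
     "vaultKey": None, "username": "root", "password": "changeme"},
]
SECRETS = {  # stands in for the Vault server; keys are the paths written above
    "secret/Infrastructure/hosts/vagrant.1": {"username": "ubuntu", "password": "ubuntu"},
    "secret/Infrastructure/hosts/vagrant.2": {"username": "ubuntu", "password": "ubuntu"},
}


def vault_path(host):
    """Return vaultKey when set, otherwise secret/[ci.id]."""
    return host.get("vaultKey") or "secret/" + host["id"]


def lint(hosts, secrets):
    """Return (ci id, finding) pairs for host definitions that need attention."""
    findings = []
    for host in hosts:
        if not host.get("managedByVault"):
            # Credentials live only in the CI definition.
            if host.get("password"):
                findings.append((host["id"], "inline-password-not-managed"))
            continue
        path = vault_path(host)
        if path not in secrets:
            # Managed host whose resolved key does not exist in Vault.
            findings.append((host["id"], "missing-secret:" + path))
        if host.get("password"):
            # A password literal is still stored next to managedByVault = true.
            findings.append((host["id"], "inline-password-in-definition"))
    return findings


if __name__ == "__main__":
    for ci_id, finding in lint(HOSTS, SECRETS):
        print(ci_id, finding)
```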