juju deploy cs:vault
a tool for managing secrets Read more
Discuss this charm
Share your thoughts on this charm with the community on discourse.
Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted key/value store and network encryption-as-a-service, or generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH credentials, and more.
The charm installs Vault from a snap.
This section covers common configuration options. See file
the full list of options, along with their descriptions and default values.
channel option sets the snap channel to use for deployment (e.g.
'latest/edge'). The default value is 'latest/stable'.
Deploy a single vault unit in this way:
juju deploy vault
Then relate it to either MySQL or PostgreSQL.
For MySQL 5:
juju add-relation vault:shared-db percona-cluster:shared-db
For MySQL 8:
juju deploy mysql-router vault-mysql-router juju add-relation vault-mysql-router:db-router mysql-innodb-cluster:db-router juju add-relation vault-mysql-router:shared-db vault:shared-db
For PostgreSQL, its version and the underlying machine series must be
compatible (e.g. 9.5/xenial or 10/bionic). Use configuration option
with the postgresql charm to select a version. For example,
juju deploy --config version=9.5 --series xenial postgresql juju add-relation vault:db postgresql:db
Once the vault application is deployed the following tasks must be performed:
- Vault initialisation
- Unsealing of Vault
- Charm authorisation
This section lists Juju actions supported by the charm. Actions allow specific operations to be performed on a per-unit basis.
To display action descriptions run
juju actions vault. If the charm
is not deployed then see file
Please report bugs on Launchpad.
For general charm questions refer to the OpenStack Charm Guide.