Channel Revision Published Runs on
latest/edge 222 20 Jan 2024
Ubuntu 23.10
1.8/stable 209 05 Jan 2024
Ubuntu 22.04
1.8/edge 164 09 Aug 2023
Ubuntu 23.04
1.15/beta 276 18 Apr 2024
Ubuntu 22.04
1.15/edge 277 18 Apr 2024
Ubuntu 22.04
1.7/stable 210 10 Jan 2024
Ubuntu 22.04 Ubuntu 20.04
1.6/stable 182 14 Sep 2023
Ubuntu 20.04 Ubuntu 18.04
1.5/stable 268 11 Apr 2024
Ubuntu 20.04 Ubuntu 18.04
juju deploy vault --channel 1.8/stable
Show information


  • auto-generate-root-ca-cert | boolean

    Once unsealed, automatically generate a self-signed root CA rather than waiting for an action to be called to either generate one or process a signing request to act as an intermediary CA. Note that this will use all default values for the root CA cert. If you want to adjust those values, you should use the generate-root-ca action instead.

  • channel | string

    Default: 1.8/stable

    The snap channel to install from. WARNING: Changing this value will cause ALL the vault units to become sealed, due to the snap refresh and the service being restarted on each unit.

  • default-ca-ttl | string

    Default: 87599h

    Default TTL to use when generating CA certs.

  • default-ttl | string

    Default: 8759h

    Default TTL to use when generating certs.

  • disable-mlock | boolean

    Set this option only if you are deploying to an environment that does not support the mlock(2) system call. When this option is set, vault will be unable to prevent secrets from being paged out, so use it with extreme caution.

  • dns-ha-access-record | string

    DNS record to use for DNS HA with MAAS. Mutually exclusive with the vip config option or lb-provider relation.

  • hostname | string

    Hostname to be used for the API URL. This hostname should exist as a DNS record and be resolvable by the charms that will consume the relation with vault.

  • max-ttl | string

    Default: 87600h

    Max allowed TTL to use when generating certs (must be greater than the default).

  • nagios_context | string

    Default: juju

    A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.

  • nagios_servicegroups | string

    Comma separated list of nagios servicegroups for the service checks.

  • snapd_refresh | string

    How often snapd handles updates for installed snaps. The default (an empty string) is 4x per day. Set to "max" to check once per month based on the charm deployment date. You may also set a custom string as described in the 'refresh.timer' section here:

  • ssl-ca | string

    The SSL Root CA certificate, base64-encoded.

  • ssl-cert | string

    The SSL certificate, base64-encoded.

  • ssl-chain | string

    The SSL chain certificate, base64-encoded.

  • ssl-key | string

    The SSL key, base64-encoded.

  • totally-unsecure-auto-unlock | boolean

    FOR TESTING ONLY. Initialise vault after deployment and store the keys locally. Locally stored material can be displayed with: juju run --unit vault/0 leader-get

  • vip | string

    Virtual IP to use api traffic. You can provide up to two addresses configured on the access or external bindings. If neither binding is used then you can only provide one address that must be configured on the default space. Mutually exclusive with the dns-ha-access-record config option or lb-provider relation.