Vault
- By Vault charmers
- Security
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/edge | 383 | 23 Aug 2024 | |
latest/edge | 367 | 25 Jul 2024 | |
latest/edge | 364 | 23 Jul 2024 | |
latest/edge | 363 | 23 Jul 2024 | |
latest/edge | 336 | 20 Jun 2024 | |
latest/edge | 335 | 20 Jun 2024 | |
latest/edge | 334 | 20 Jun 2024 | |
latest/edge | 333 | 20 Jun 2024 | |
latest/edge | 332 | 20 Jun 2024 | |
latest/edge | 331 | 20 Jun 2024 | |
latest/edge | 330 | 20 Jun 2024 | |
latest/edge | 329 | 20 Jun 2024 | |
latest/edge | 220 | 20 Jan 2024 | |
latest/edge | 216 | 19 Jan 2024 | |
latest/edge | 214 | 19 Jan 2024 | |
latest/edge | 213 | 19 Jan 2024 | |
latest/edge | 109 | 18 Apr 2023 | |
latest/edge | 79 | 02 Aug 2022 | |
1.8/stable | 372 | 26 Jul 2024 | |
1.8/edge | 164 | 09 Aug 2023 | |
1.8/edge | 162 | 09 Aug 2023 | |
1.8/edge | 161 | 09 Aug 2023 | |
1.8/edge | 159 | 09 Aug 2023 | |
1.8/edge | 157 | 09 Aug 2023 | |
1.8/edge | 156 | 09 Aug 2023 | |
1.8/edge | 155 | 09 Aug 2023 | |
1.8/edge | 154 | 09 Aug 2023 | |
1.8/edge | 140 | 07 Aug 2023 | |
1.8/edge | 138 | 04 Aug 2023 | |
1.8/edge | 135 | 04 Aug 2023 | |
1.8/edge | 131 | 04 Aug 2023 | |
1.16/stable | 387 | 12 Sep 2024 | |
1.16/candidate | 387 | 12 Sep 2024 | |
1.16/beta | 387 | 12 Sep 2024 | |
1.16/edge | 390 | 02 Oct 2024 | |
1.15/stable | 357 | 24 Jul 2024 | |
1.15/candidate | 357 | 24 Jul 2024 | |
1.15/beta | 357 | 24 Jul 2024 | |
1.15/edge | 376 | 31 Jul 2024 | |
1.7/stable | 371 | 26 Jul 2024 | |
1.6/stable | 369 | 26 Jul 2024 | |
1.5/stable | 370 | 26 Jul 2024 |
juju deploy vault --channel 1.8/stable
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
-
auto-generate-root-ca-cert | boolean
Once unsealed, automatically generate a self-signed root CA rather than waiting for an action to be called to either generate one or process a signing request to act as an intermediary CA. Note that this will use all default values for the root CA cert. If you want to adjust those values, you should use the generate-root-ca action instead.
-
channel | string
Default: 1.8/stable
The snap channel to install from. WARNING: Changing this value will cause ALL the vault units to become sealed, due to the snap refresh and the service being restarted on each unit.
-
default-ca-ttl | string
Default: 87599h
Default TTL to use when generating CA certs.
-
default-ttl | string
Default: 8759h
Default TTL to use when generating certs.
-
disable-mlock | boolean
Set this option only if you are deploying to an environment that does not support the mlock(2) system call. When this option is set, vault will be unable to prevent secrets from being paged out, so use it with extreme caution.
-
dns-ha-access-record | string
DNS record to use for DNS HA with MAAS. Mutually exclusive with the vip config option or lb-provider relation.
-
hostname | string
Hostname to be used for the API URL. This hostname should exist as a DNS record and be resolvable by the charms that will consume the relation with vault.
-
max-ttl | string
Default: 87600h
Max allowed TTL to use when generating certs (must be greater than the default).
-
nagios_context | string
Default: juju
A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.
-
nagios_servicegroups | string
Comma separated list of nagios servicegroups for the service checks.
-
snapd_refresh | string
How often snapd handles updates for installed snaps. The default (an empty string) is 4x per day. Set to "max" to check once per month based on the charm deployment date. You may also set a custom string as described in the 'refresh.timer' section here: https://forum.snapcraft.io/t/system-options/87
-
ssl-ca | string
The SSL Root CA certificate, base64-encoded.
-
ssl-cert | string
The SSL certificate, base64-encoded.
-
ssl-chain | string
The SSL chain certificate, base64-encoded.
-
ssl-key | string
The SSL key, base64-encoded.
-
totally-unsecure-auto-unlock | boolean
FOR TESTING ONLY. Initialise vault after deployment and store the keys locally. Locally stored material can be displayed with: juju run --unit vault/0 leader-get
-
vip | string
Virtual IP to use api traffic. You can provide up to two addresses configured on the access or external bindings. If neither binding is used then you can only provide one address that must be configured on the default space. Mutually exclusive with the dns-ha-access-record config option or lb-provider relation.