Vlgrevtsev Vault
- By Vladimir Grevtsev
- Security
Channel | Revision | Published | Runs on |
---|---|---|---|
latest/stable | 3 | 19 Mar 2021 |
juju deploy vlgrevtsev-vault
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
-
auto-generate-root-ca-cert | boolean
Once unsealed, automatically generate a self-signed root CA rather than waiting for an action to be called to either generate one or process a signing request to act as an intermediary CA. Note that this will use all default values for the root CA cert. If you want to adjust those values, you should use the generate-root-ca action instead.
-
channel | string
Default: stable
The snap channel to install from.
-
disable-mlock | boolean
Set this option only if you are deploying to an environment that does not support the mlock(2) system call. When this option is set, vault will be unable to prevent secrets from being paged out, so use it with extreme caution.
-
dns-ha-access-record | string
DNS record to use for DNS HA with MAAS. Do not use vip setting if this is set.
-
nagios_context | string
Default: juju
A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0 If you're running multiple environments with the same services in them this allows you to differentiate between them.
-
nagios_servicegroups | string
Comma separated list of nagios servicegroups for the service checks.
-
snap_proxy | string
HTTP/HTTPS web proxy for Snappy to use when accessing the snap store.
-
snap_proxy_url | string
The address of a Snap Store Proxy to use for snaps e.g. http://snap-proxy.example.com
-
snapd_refresh | string
How often snapd handles updates for installed snaps. The default (an empty string) is 4x per day. Set to "max" to check once per month based on the charm deployment date. You may also set a custom string as described in the 'refresh.timer' section here: https://forum.snapcraft.io/t/system-options/87
-
ssl-ca | string
The SSL Root CA certificate, base64-encoded.
-
ssl-cert | string
The SSL certificate, base64-encoded.
-
ssl-chain | string
The SSL chain certificate, base64-encoded.
-
ssl-key | string
The SSL key, base64-encoded.
-
totally-unsecure-auto-unlock | boolean
FOR TESTING ONLY. Initialise vault after deployment and store the keys locally.
-
vip | string
Virtual IP to use api traffic