Merge pull request #61 from sasudi90/master

Support Vault agent in service and config file
voxpupuli · Jan 20, 2025 · 19dc6af · 19dc6af
2 parents 2ff48e2 + 375e8ca
commit 19dc6af
Show file tree

Hide file tree

Showing 7 changed files with 427 additions and 112 deletions.
diff --git a/README.md b/README.md
@@ -171,6 +171,42 @@ vault::storage:
     - leader_api_addr: https://vault3:8200
 ```
 
+## Vault Agent Configuration
+
+When running Vault in agent mode (`mode => 'agent'`), you can configure the agent behavior using these parameters:
+
+```puppet
+class { 'vault':
+  mode => 'agent',
+  agent_vault => {
+    'address' => 'https://vault.example.com:8200'
+  },
+  agent_auto_auth => {
+    'method' => [{
+      'type'       => 'approle',
+      'mount_path' => 'auth/approle',
+      'config'     => {
+        'role_id_file_path'   => '/etc/vault/role-id',
+        'secret_id_file_path' => '/etc/vault/secret-id'
+      }
+    }
+  }],
+  agent_cache => {
+    'use_auto_auth_token' => true
+  },
+  agent_listeners => [{
+    'tcp' => {
+      'address'     => '127.0.0.1:8100',
+      'tls_disable' => true
+    }
+  }],
+  agent_template => {
+    'source'      => '/etc/vault/template.ctmpl',
+    'destination' => '/etc/myapp/config.yml'
+  }
+}
+```
+
 ## mlock
 
 By default vault will use the `mlock` system call, therefore the executable will need the corresponding capability.
@@ -205,4 +241,4 @@ This module was forked from https://github.com/jsok/puppet-vault
 ## Related Projects
 
  * [hiera-vault](https://github.com/petems/petems-hiera_vault): A Hiera storage backend to retrieve secrets from Hashicorp's Vault
- * [vault_lookup](https://github.com/voxpupuli/puppet-vault_lookup): A puppet (deferred) function to do lookups in Vault
+ * [vault_lookup](https://github.com/voxpupuli/puppet-vault_lookup): A puppet (deferred) function to do lookups in Vault