Vault
This plugin provides a possibility to fetch secrets from a Vault server and use them as Rudder variables directly on the agent. The Rudder server itself does not need to have access to the Vault.
Installation
-
Edit the configuration file in
/var/rudder/plugin-resources/vault.json
on each agent. This config file must contain the address of your Vault server, credentials to access it and the auth mode you want to use. A sample config is inshare/plugins/vault/sample_vault.json
.
Usage
Use the Variable from vault generic method in Rudder to fetch secrets.
Make sure the agents the generic method is being used on have a proper
vault.json
configuration. A sample config is provided at
/opt/rudder/share/plugins/vault/sample_vault.json
. This file needs your
Vault server address, the configuration for at least one auth mode, and
the name of the auth mode to be used. Auth modes can be token
,
userpass
or tls
.
← Known issues Installation →