Vault
This plugin provides a possibility to fetch secrets from a Vault server and use them as Rudder variables directly on the agent. The Rudder server itself does not need to have access to the Vault.
Installation
-
Edit the configuration file in
/var/rudder/plugin-resources/vault.jsonon each agent. This config file must contain the address of your Vault server, credentials to access it and the auth mode you want to use. A sample config is inshare/plugins/vault/sample_vault.json.
Usage
Use the Variable from vault generic method in Rudder to fetch secrets.
Make sure the agents the generic method is being used on have a proper
vault.json configuration. A sample config is provided at
/opt/rudder/share/plugins/vault/sample_vault.json. This file needs your
Vault server address, the configuration for at least one auth mode, and
the name of the auth mode to be used. Auth modes can be token,
userpass or tls.