mirror of https://github.com/krislamo/puppet-acme_vault synced 2024-09-19 20:40:36 +00:00

update policy/rules in vault_policy, add vault token renew cron job.

Bob Belnap 2018-03-05 13:05:42 -05:00
parent f856290e11
commit 7a93cba305
2 changed files with 19 additions and 2 deletions


@ -73,5 +73,12 @@ END
environment => "MAILTO=${contact_email}", environment => "MAILTO=${contact_email}",
} }
# renew vault token
cron { 'renew vault token':
command => "$vault_bin token-renew > /dev/null",
user => $user,
weekday => 1,
}
} }
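Review bot: The new `cron { 'renew vault token': }` resource sets only `weekday => 1`, and Puppet's cron type leaves unset time fields as `*`, so this entry would run every minute of every Monday rather than once a week. Pin the schedule by adding, for example, `hour => 3,` and `minute => 0,`. Only stdout goes to /dev/null, so errors still reach cron mail, but the resource sets no `environment` of its own; it is worth confirming that `token-renew` can find the Vault address and token when run from cron, because a renewal that fails unnoticed lets the periodic token expire. The enclosing class starts outside this hunk.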


@ -18,8 +18,18 @@ path "secret/dns_api/token" {
capabilities = ["read"] capabilities = ["read"]
} }
' '
vault write sys/policy/cert_read policy=@<(echo $cert_read)
vault write sys/policy/cert_write policy=@<(echo $cert_write) # the key here changed from "rules" to "policy" in v0.9, this is a basic check
if vault --version | grep -q 'v0.8'
then
K=rules
else
K=policy
fi
vault write sys/policy/cert_read $K=@<(echo $cert_read)
vault write sys/policy/cert_write $K=@<(echo $cert_write)
# create periodic tokens: # create periodic tokens:
# these tokens have a period of 20 days, they will expire if not renewed. # these tokens have a period of 20 days, they will expire if not renewed.
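Review bot: The version test `vault --version | grep -q 'v0.8'` selects `rules` only for 0.8.x, so if the key changed in v0.9 as the comment says, any older release falls through to `policy` and the policy write would likely be rejected, leaving the tokens created below tied to policies that were never installed. A pattern covering everything before 0.9 is safer: `case "$(vault --version)" in *v0.[0-8].*) K=rules ;; *) K=policy ;; esac`. The `echo $cert_read` and `echo $cert_write` expansions are also unquoted, so the policy text is word-split and glob-expanded before it reaches Vault; `"$K"=@<(echo "$cert_read")` sends the ACL exactly as written.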