An agent that works with vault-gatekeeper-mesos to fetch and renew Vault credentials.
Project description
Status
vaultkeeper is in PoC stage, and supports the following Vault secret backends:
Prerequisites
A Vault instance configured and running.
A vault-gatekeeper-mesos instance configured and running with your Vault instance and Mesos instance.
An application that uses Vault credentials and is configured to consume vaultkeeper output, such as a Django app using django-vaultkeeper-adaptor.
Installing the Package
Configuration
Environment Variables
vaultkeeper Configuration
vaultkeeper consumes its arguments from a JSON environment variable:
{
"entry_cmd": "sh /scripts/django-entrypoint.sh",
"output_path": "",
"refresh_interval": 30,
"lease_increment": 40,
"renewal_grace": 15
}
secrets Configuration
[{
"id": "default",
"backend": "postgresql",
"endpoint": "0.0.0.0:5432/mydb",
"vault_path": "database/creds/psql-rw",
"schema": "public",
"policy": "psql-rw",
"set_role": "app_owner",
},
{
"id": "broker1",
"backend": "rabbitmq",
"endpoint": "0.0.0.0:5672/myvhost",
"vault_path": "/rabbitmq/creds/ampq-worker",
"vhost": "myvhost",
"policy": "ampq-worker"
}]
Common base parameters in the secrets configuration file:
Deployment
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file vaultkeeper-0.1.7.tar.gz.
File metadata
- Download URL: vaultkeeper-0.1.7.tar.gz
- Upload date:
- Size: 12.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c8c14c5ce3f6f7741bc4b9142afca8247f1108139b8f6ba1058a25a3ad3b10bc
|
|
| MD5 |
367af52bef68ff7d924672c6d725f7f8
|
|
| BLAKE2b-256 |
5ec1103dcf6df6ec52c9c8867e30f2171e13844b159bcdec665e4cea0318b646
|