vault
Use secret values sourced from Vault in sdb:// URIs.
Important
This module requires the general Vault setup.
Setup
Like all SDB modules, this module requires a configuration profile in either the minion configuration file or a pillar:
myvault:
  driver: vault
Once configured, you can access data using a URL such as:
password: sdb://myvault/secret/passwords/mypassword
In this URL, myvault refers to the configuration profile, secret/passwords is the path where the data resides, and mypassword is the key of the data to return.
The above URI is analogous to running the following vault command:
$ vault read -field=mypassword secret/passwords
Further configuration
The following options can be set in the profile:
patch
When writing data, partially update the secret instead of overwriting it completely. This is usually the expected behavior, since without this option, each secret path can only contain a single mapping key safely. Currently defaults to False for backwards-compatibility reasons. Beginning with version 2 of this extension, it will default to True.
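The effect of patch on a write, shown with an in-memory model. This is an added example, not code from this extension: the dictionary standing in for Vault, the helper names and the dbpassword key are assumptions, and the URI is split as described under Setup.

```python
from urllib.parse import urlparse


def parse_sdb_uri(uri):
    """Split sdb://<profile>/<path>/<key>; the last component is the key."""
    parsed = urlparse(uri)
    if parsed.scheme != "sdb" or not parsed.netloc:
        raise ValueError(f"not an sdb:// URI: {uri!r}")
    path, sep, key = parsed.path.lstrip("/").rpartition("/")
    if not (sep and path and key):
        raise ValueError(f"URI needs a secret path and a key: {uri!r}")
    return parsed.netloc, path, key


def sdb_set(store, profiles, uri, value):
    """Model a write. profiles maps a profile name to its options."""
    profile, path, key = parse_sdb_uri(uri)
    if profile not in profiles:
        raise KeyError(f"no SDB profile named {profile!r}")
    if profiles[profile].get("patch", False):
        # patch: True -> only the named key changes, sibling keys survive
        store.setdefault(path, {})[key] = value
    else:
        # patch: False (current default) -> the whole secret is replaced
        store[path] = {key: value}
    return store[path]


def demo(patch):
    """Write one key into a secret that already holds two (constructed data)."""
    profiles = {"myvault": {"driver": "vault", "patch": patch}}
    store = {"secret/passwords": {"mypassword": "old", "dbpassword": "keep-me"}}
    sdb_set(store, profiles, "sdb://myvault/secret/passwords/mypassword", "new")
    return store["secret/passwords"]


if __name__ == "__main__":
    print("patch=False:", demo(False))  # dbpassword is lost
    print("patch=True: ", demo(True))   # dbpassword is preserved
```

With the default, a write to one key silently drops every other key stored at the same path, which is why a profile used for writes to multi-key secrets should set patch: true.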