salt.pillar.vault module

Vault Pillar Module

maintainer: SaltStack
maturity: New
platform: all

New in version 2016.11.0.

This module allows pillar data to be stored in Hashicorp Vault.

Base configuration instructions are documented in the execution module docs. The extra configuration required for the pillar module is noted below, but the base configuration must also be completed.

After the base Vault configuration is created, add the configuration below to the ext_pillar section in the Salt master configuration.

ext_pillar:
  - vault: path=secret/salt

Each key needs to have all the key-value pairs with the names you require. Avoid naming every key 'password', as they will collide:

$ vault write secret/salt auth=my_password master=127.0.0.1

The above will result in two pillars being available, auth and master.

You can then use normal pillar requests to get each key pair directly from pillar root. Example:

$ salt-ssh '*' pillar.get auth

Multiple Vault sources may also be used:

ext_pillar:
  - vault: path=secret/salt
  - vault: path=secret/root
  - vault: path=secret/minions/{minion}/pass
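
With several Vault sources, the collision warning above also applies across paths, because each path's keys are requested directly from the pillar root. The following is an added example, not part of the Salt documentation or the module's own code: it lists the pillar keys that more than one configured path would define for a given minion. `read_path` is a hypothetical callable returning the key-value pairs stored at a path, and the sample data is constructed.

```python
from collections import defaultdict

# ext_pillar entries exactly as in the configuration above.
EXT_PILLAR = [
    {"vault": "path=secret/salt"},
    {"vault": "path=secret/root"},
    {"vault": "path=secret/minions/{minion}/pass"},
]

# Constructed sample data standing in for what each Vault path holds.
SAMPLE_VAULT = {
    "secret/salt": {"auth": "my_password", "master": "127.0.0.1"},
    "secret/root": {"password": "constructed-root-pw"},
    "secret/minions/web01/pass": {"password": "constructed-web01-pw", "auth": "x"},
}


def vault_paths(ext_pillar, minion_id):
    """Return the Vault path of every 'vault' entry, with {minion} expanded."""
    paths = []
    for entry in ext_pillar:
        conf = entry.get("vault")
        if conf is None:
            continue  # some other ext_pillar module
        opts = dict(part.split("=", 1) for part in conf.split() if "=" in part)
        if "path" not in opts:
            raise ValueError("vault ext_pillar entry without path=: %r" % conf)
        paths.append(opts["path"].replace("{minion}", minion_id))
    return paths


def find_collisions(ext_pillar, minion_id, read_path):
    """Map each pillar key defined by more than one source to those sources."""
    seen = defaultdict(list)
    for path in vault_paths(ext_pillar, minion_id):
        for key in read_path(path):
            seen[key].append(path)
    return {key: srcs for key, srcs in seen.items() if len(srcs) > 1}


if __name__ == "__main__":
    lookup = lambda path: SAMPLE_VAULT.get(path, {})
    for key, srcs in sorted(find_collisions(EXT_PILLAR, "web01", lookup).items()):
        print("pillar key %r is set by: %s" % (key, ", ".join(srcs)))
```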

salt.pillar.vault.ext_pillar(minion_id, pillar, conf)

Get pillar data from Vault for the configuration conf.