author | Marc A. Paradise <marc.paradise@gmail.com> | 2021-08-26 13:06:09 -0400 |
---|---|---|
committer | Marc A. Paradise <marc.paradise@gmail.com> | 2021-08-27 16:09:23 -0400 |
commit | 377ba8443e42dcb002158bb489cb504dc67efc18 (patch) | |
tree | fac28222a7c001b34c87d1794f2c3d423fb5c157 /chef.gemspec | |
parent | fd68f7f1fb1e63f1cb40d7ef24346afd0884ed95 (diff) | |
download | chef-377ba8443e42dcb002158bb489cb504dc67efc18.tar.gz |
Add support for secrets stored in HashiCorp Vault
Vault secrets are stored as key-value pairs, so the return value
from a secret lookup is always a Hash.
Example:
```
file "/home/user/test1" do
  content secret(name: "secret/example",
                 service: :hashi_vault,
                 config: {
                   vault_addr: "vault.example.com",
                   role_name: "example-role"
                 })[:answer]
end
```
As shown above, we are expecting a hash from Vault, and are populating the file
content based on the value of `:answer` in that hash.
Limitations:
* This iteration only supports instance authentication via a Vault
role connected to an IAM profile.
* This iteration does not support versioned secrets
Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
Diffstat (limited to 'chef.gemspec')
-rw-r--r-- | chef.gemspec | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/chef.gemspec b/chef.gemspec index 0f278fff8f..936a9dfd91 100644 --- a/chef.gemspec +++ b/chef.gemspec @@ -56,6 +56,7 @@ Gem::Specification.new do |s| s.add_dependency "proxifier", "~> 1.0" s.add_dependency "aws-sdk-secretsmanager", "~> 1.46" + s.add_dependency "vault", "~> 0.16" # hashi vault official client gem s.bindir = "bin" s.executables = %w{ } |
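Review bot: the constraint on the added line `s.add_dependency "vault", "~> 0.16"` accepts every 0.x release from 0.16 up to, but not including, 1.0, and as a runtime dependency it is installed on every node, including those that never use the `:hashi_vault` service. For a pre-1.0 client gem that handles secrets, consider narrowing it to the minor series with `~> 0.16.0`, or say in the trailing comment why the wider range is acceptable. The view here is limited to chef.gemspec, so whether the lockfile was updated alongside this new dependency cannot be checked from this diff.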