salt.runners.vault

maintainer:SaltStack
maturity:new
platform:all

Runner functions supporting the Vault modules. Configuration instructions are documented in the execution module docs.

salt.runners.vault.generate_token(minion_id, signature, impersonated_by_master=False, ttl=None, uses=None)

Generate a Vault token for minion minion_id

minion_id
The id of the minion that requests a token
signature
Cryptographic signature which validates that the request is indeed sent by the minion (or the master, see impersonated_by_master).
impersonated_by_master
If the master needs to create a token on behalf of the minion, this is True. This happens when the master generates minion pillars.
ttl
Ticket time to live in seconds, 1m minutes, or 2h hrs
uses
Number of times a token can be used
salt.runners.vault.show_policies(minion_id)

Show the Vault policies that are applied to tokens for the given minion

minion_id
The minions id

CLI Example:

salt-run vault.show_policies myminion
salt.runners.vault.unseal()

Unseal Vault server

This function uses the 'keys' from the 'vault' configuration to unseal vault server

vault:
keys:
  • n63/TbrQuL3xaIW7ZZpuXj/tIfnK1/MbVxO4vT3wYD2A
  • S9OwCvMRhErEA4NVVELYBs6w/Me6+urgUr24xGK44Uy3
  • F1j4b7JKq850NS6Kboiy5laJ0xY8dWJvB3fcwA+SraYl
  • 1cYtvjKJNDVam9c7HNqJUfINk4PYyAXIpjkpN/sIuzPv
  • 3pPK5X6vGtwLhNOFv1U2elahECz3HpRUfNXJFYLw6lid

CLI Examples:

salt-run vault.unseal

Docs for previous releases are available on readthedocs.org.

Latest Salt release: 3004.1

Previous topic

salt.runners.thin

Next topic

salt.runners.venafiapi