super-duper-vault-train icon indicating copy to clipboard operation
super-duper-vault-train copied to clipboard

Published 20 hours ago • verified publisher icon v6

// , Provisioning should use Configuration as Code

Open v6 opened this issue 7 years ago • 3 comments

// , These are provisioned with shell scripts, which is a problematic way to do things for a lot of reasons.

We should still maintain the bash scripts versions. But using Chef would make a lot of things easier to test with Vault.

v6 avatar Aug 22 '18 21:08 v6

// , I've put the provisioning data in the provision_vault/data and provision_consul/data folders, and the scripts which use that data are in the provision_vault/scripts and provision_consul/scripts folders, respectively.

v6 avatar Dec 03 '18 21:12 v6

// , HERE BE DRAGONS.

Warning, this is more complex than other stuff in this repo. There are a lot of other solutions out there, and HashiCorp may already be working on one.

v6 avatar Dec 12 '18 22:12 v6

// , Here are some existing solutions to this, which automate the provisioning of Vault's internal features via its API:

https://www.hashicorp.com/blog/codifying-vault-policies-and-configuration

https://tech.spaceapegames.com/2017/07/26/vault-configuration-as-code/

v6 avatar Dec 12 '18 22:12 v6