request a database and point vault at it

reactive/vault.py

@@ -1,10 +1,11 @@
 from charmhelpers.core.hookenv import (
+    config,
     open_port,
 )
 
 from charmhelpers.core.host import (
+    service_start,
     service_stop,
-    service_restart,
 )
 
 from charmhelpers.core.templating import (
@@ -22,10 +23,14 @@ from charms.reactive import (
 
 @when('snap.installed.vault')
 @when_not('configured')
-def configure_vault():
-    render('vault.hcl.j2', '/var/snap/vault/common/vault.hcl', {}, perms=0o644)
+@when('db.master.available')
+def configure_vault(psql):
+    context = {
+        'db_conn': psql.master,
+    }
+    render('vault.hcl.j2', '/var/snap/vault/common/vault.hcl', context, perms=0o644)
     render('vault.service.j2', '/etc/systemd/system/vault.service', {}, perms=0o644)
-    service_restart('vault')
+    service_start('vault')      # restart seals the vault
     open_port(8200)
     set_state('configured')
 
@@ -33,3 +38,9 @@ def configure_vault():
 @hook('upgrade-charm')
 def upgrade_charm():
     remove_state('configured')
+
+
+@when('db.connected')
+def request_db(pgsql):
+    pgsql.set_database('vault')
+

templates/vault.hcl.j2

@@ -1,10 +1,15 @@
 # XXX(pjdc): Fix this before we go live!
 disable_mlock = true
 
-storage "inmem" {
+{%- if db_conn %}
+storage "postgresql" {
+  connection_url = "{{ db_conn.uri }}"
 }
+{%- endif %}
 
 listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = 1
 }
+
+