charm-vault/src
James Page 6f043bb7ca Correct key name for PKI backend TTL
Switch max-lease-ttl -> max_lease_ttl in line with Vault API
docs to ensure that certs can be issued for more than 30 days.

Existing deployments with PKI enabled will be re-tuned to
set max_lease_ttl to 10 years, correcting any existing PKI
enablement.

Certificates must be re-issued to use the TTL as provided
during upload of the signed CSR for an Intermediate certificate.

For deploys using the internally signed Root CA, the root
CA must be re-generated using the 'disable-pki' and
'generate-root-ca' actions.

Change-Id: I6a771090e320404c605d2170c7915c3c22a3ea2c
Closes-Bug: 1788945
2019-01-18 09:37:56 +02:00
actions Correct key name for PKI backend TTL 2019-01-18 09:37:56 +02:00
files/nagios Vault version in snap store may not start with 'v' 2018-06-14 13:51:25 +00:00
lib/charm Correct key name for PKI backend TTL 2019-01-18 09:37:56 +02:00
reactive Correct key name for PKI backend TTL 2019-01-18 09:37:56 +02:00
templates Revert to v3 etcd api but skip TLS verification 2018-09-07 14:51:33 +01:00
tests Correct key name for PKI backend TTL 2019-01-18 09:37:56 +02:00
README.md Add basic network spaces support 2018-04-19 11:54:55 +01:00
actions.yaml Add action to generate root CA 2018-10-03 14:02:53 -04:00
config.yaml Add action to generate root CA 2018-10-03 14:02:53 -04:00
copyright Restructure charm to follow src dir format 2018-02-19 10:19:09 +00:00
icon.svg Add icon 2018-04-18 15:05:28 +01:00
layer.yaml Add support for tls-certificates interface 2018-06-06 08:18:30 +00:00
metadata.yaml Update series metadata 2018-07-11 14:08:11 -05:00
test-requirements.txt Rebuild for sync charm-helpers 2018-11-09 14:50:26 -08:00
tox.ini Pass all CS_ vars to tox env to pickup timeout 2018-09-20 11:19:17 +00:00
wheelhouse.txt vault-kv: Add functional test and use KV v1 2018-11-13 17:16:54 +00:00

README.md

Overview

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Through a unified API, users can access an encrypted Key/Value store and network encryption-as-a-service, or generate AWS IAM/STS credentials, SQL/NoSQL database credentials, X.509 certificates, SSH credentials, and more.

About the Charm

This charm installs Vault from the Ubuntu Snap Store and supports the PostgreSQL and MySQL storage backends. Note that Vault itself does not support PostgreSQL 10, so neither does this charm. If you're deploying on bionic, you'll need to deploy a 9.x version of PostgreSQL.

After deploying and relating the charm to postgresql, install the vault snap locally and use "vault init" to create the master key shards and the root token, and store them safely.

Network Spaces support

The vault charm directly supports network binding via the 'access' extra-binding and the 'cluster' peer relation. These allow the Vault API and inter-unit Cluster addresses to be configured using Juju network spaces.