salt.runners.vault

maintainer

SaltStack

maturity

new

platform

all

Runner functions supporting the Vault modules. Configuration instructions are documented in the execution module docs.

salt.runners.vault.generate_token(minion_id, signature, impersonated_by_master=False)

Generate a Vault token for minion minion_id

minion_id

The id of the minion that requests a token

signature

Cryptographic signature which validates that the request is indeed sent by the minion (or the master, see impersonated_by_master).

impersonated_by_master

If the master needs to create a token on behalf of the minion, this is True. This happens when the master generates minion pillars.

salt.runners.vault.show_policies(minion_id)

Show the Vault policies that are applied to tokens for the given minion

minion_id

The minions id

CLI Example:

salt-run vault.show_policies myminion
salt.runners.vault.unseal()

Unseal Vault server

This function uses the 'keys' from the 'vault' configuration to unseal vault server

vault:
keys:

  • n63/TbrQuL3xaIW7ZZpuXj/tIfnK1/MbVxO4vT3wYD2A

  • S9OwCvMRhErEA4NVVELYBs6w/Me6+urgUr24xGK44Uy3

  • F1j4b7JKq850NS6Kboiy5laJ0xY8dWJvB3fcwA+SraYl

  • 1cYtvjKJNDVam9c7HNqJUfINk4PYyAXIpjkpN/sIuzPv

  • 3pPK5X6vGtwLhNOFv1U2elahECz3HpRUfNXJFYLw6lid

CLI Examples:

salt-run vault.unseal

Generated on January 08, 2021 at 20:51:45 UTC.

You are viewing docs for the previous stable release, 2019.2.8. Switch to docs for the latest stable release, 3002.2, or to a recent doc build from the master branch.


saltstack.com

© 2021 SaltStack. All Rights Reserved, SaltStack Inc. | Privacy Policy