Resource Type: sensu_secrets_vault_provider

Defined in:
lib/puppet/type/sensu_secrets_vault_provider.rb
Providers:
sensuctl
sensu_api

Summary

Manages a Sensu secrets provider.

Overview

NOTE: Property names map to the client hash in the Sensu Go reference for a secrets VaultProvider.

Autorequires:

  • Package[sensu-go-cli]
  • Service[sensu-backend]
  • Sensuctl_configure[puppet]
  • Sensu_api_validator[sensu]
  • Sensu_user[admin]

Examples:

Manage a secrets vault provider

sensu_secrets_vault_provider { 'my_vault-api':
  ensure       => 'present',
  address      => "https://vaultserver.example.com:8200",
  token        => "VAULT_TOKEN",
  version      => "v1",
  max_retries  => 2,
  timeout      => "20s",
  tls          => {
    "ca_cert" => "/etc/ssl/certs/ca-bundle.crt"
  },
  rate_limiter => {
    "limit" => 10,
    "burst" => 100
  },
}

Properties

  • address

    Vault server address.

  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent

  • max_retries (defaults to: 2)

    Number of times to retry connecting to the vault provider.

  • rate_limiter (defaults to: absent)

    Keys:

    • limit - Maximum number of secrets requests per second that can be transmitted to the backend with the secrets API.
    • burst - Maximum amount of burst allowed in a rate interval for the secrets API.

  • timeout (defaults to: 60s)

    Provider connection timeout (hard stop).

  • tls (defaults to: absent)

    TLS object. Vault only works with TLS configured.

  • token

    Vault token to use for authentication.

  • version

    HashiCorp Vault HTTP API version.

Parameters

  • name (namevar)

    The name of the secrets provider.

  • provider

    The specific backend to use for this sensu_secrets_vault_provider resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.

  • token_file

    Path to file that contains token to use for authentication.

    Updating this resource with new content from the file requires sending a notify event from the file resource.

    Example:

    file { '/etc/sensu/provider-secret':
      ...
      notify => Sensu_secrets_vault_provider['my-vault'],
    }
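
The following is an added example, not part of the module's own documentation. It supplies the Vault token through token_file instead of the inline token property, so the token value does not appear in the provider resource declaration. The Hiera key profile::sensu::vault_token and the file ownership and mode are assumptions; the file path and resource title follow the snippet above.

```puppet
# Added example. The Hiera key below is hypothetical; supply the token from
# whatever secret store your Puppet deployment uses.
$vault_token = lookup('profile::sensu::vault_token')

# Token file readable only by root (ownership and mode are assumptions).
# Wrapping the value in Sensitive redacts it in Puppet logs and reports, and
# show_diff => false suppresses content diffs for this file.
file { '/etc/sensu/provider-secret':
  ensure    => 'file',
  owner     => 'root',
  group     => 'root',
  mode      => '0600',
  show_diff => false,
  content   => Sensitive($vault_token),
  # The notify event is what triggers the provider update when the
  # file content changes.
  notify    => Sensu_secrets_vault_provider['my-vault'],
}

# token_file takes the place of the inline token property shown in the
# Examples section; the other values are copied from that example.
sensu_secrets_vault_provider { 'my-vault':
  ensure      => 'present',
  address     => 'https://vaultserver.example.com:8200',
  token_file  => '/etc/sensu/provider-secret',
  version     => 'v1',
  max_retries => 2,
  timeout     => '20s',
  tls         => {
    'ca_cert' => '/etc/ssl/certs/ca-bundle.crt',
  },
}
```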