secrets_provider_vault – Manage Sensu VaultProvider secrets providers

Create, update or delete a Sensu Go VaultProvider secrets provider.

For more information, refer to the Sensu Go documentation at https://docs.sensu.io/sensu-go/latest/operations/manage-secrets/secrets-providers/.

New in version 1.6.0.

Requirements

The below requirements are needed on the host that executes this module:

• python >= 2.7

Examples

- name: Create a vault secrets provider
  sensu.sensu_go.secrets_provider_vault:
    name: my-vault
    address: https://my-vault.com
    token: VAULT_TOKEN
    version: v1

- name: Delete a vault secrets provider
  sensu.sensu_go.secrets_provider_vault:
    name: my-vault
    state: absent

See Also

See also

• secrets_provider_env – Manage Sensu Env secrets provider

• secrets_provider_info – List Sensu secrets providers

• secret – Manage Sensu Go secrets

• secret_info – List available Sensu Go secrets

Parameters

address (optional)

Address of the Vault server.

Required if state is present.

type: str

auth (optional)

Authentication parameters. Can define each of them with ENV as well.

type: dict

api_key (optional)

The API key that should be used when authenticating. If this is not set, the value of the SENSU_API_KEY environment variable will be checked.

This replaces auth.user and auth.password parameters.

For more information about the API key, refer to the official Sensu documentation at https://docs.sensu.io/sensu-go/latest/guides/use-apikey-feature/.

type: str

ca_path (optional)

Path to the CA bundle that should be used to validate the backend certificate.

If this parameter is not set, module will use the CA bundle that python is using.

It is also possible to set this parameter via the SENSU_CA_PATH environment variable.

type: path

password (optional)

The Sensu user’s password. If this is not set the value of the SENSU_PASSWORD environment variable will be checked.

This parameter is ignored if the auth.api_key parameter is set.

type: str

default: P@ssw0rd!

url (optional)

Location of the Sensu backend API. If this is not set the value of the SENSU_URL environment variable will be checked.

type: str

default: http://localhost:8080

user (optional)

The username to use for connecting to the Sensu API. If this is not set the value of the SENSU_USER environment variable will be checked.

This parameter is ignored if the auth.api_key parameter is set.

type: str

default: admin

verify (optional)

Flag that controls the certificate validation.

If you are using self-signed certificates, you can set this parameter to false.

ONLY USE THIS PARAMETER IN DEVELOPMENT SCENARIOS! In you use self-signed certificates in production, see the auth.ca_path parameter.

It is also possible to set this parameter via the SENSU_VERIFY environment variable.

type: bool

default: True

burst_limit (optional)

Maximum allowed number of secrets requests in a rate interval.

type: int

max_retries (optional)

Maximum number of times to retry failed connections to Vault server.

type: int

name (required)

The Sensu resource’s name. This name (in combination with the namespace where applicable) uniquely identifies the resource that Ansible operates on.

If the resource with selected name already exists, Ansible module will update it to match the specification in the task.

Consult the name metadata attribute specification in the upstream docs on https://docs.sensu.io/sensu-go/latest/reference/ for more details about valid names and other restrictions.

type: str

rate_limit (optional)

Maximum number of secrets requests for per second.

type: float

state (optional)

Target state of the Sensu object.

type: str

default: present

choices: present, absent

timeout (optional)

Timeout (in seconds) for connection to Vault server.

type: int

tls (optional)

TLS configuration for establishing connection with Vault server.

type: dict

ca_cert (optional)

Path to the certificate file of the trusted certificate authority.

type: str

client_cert (optional)

Path to the client certificate file.

type: str

client_key (optional)

Path to the client key file.

type: str

cname (optional)

Canonical name for the client.

type: str

token (optional)

Authentication token to use with Vault.

Required if state is present.

type: str

version (optional)

Version of the Vault key/value store.

Please refer to https://www.vaultproject.io/docs/secrets/kv for additional information.

Required if state is present.

type: str

choices: v1, v2

Return Values

object

Object representing Sensu vault secrets provider.

sample:

client:
  address: https://vaultserver.example.com:8200
  max_retries: 2
  rate_limiter:
    burst: 100
    limit: 10
  timeout: 20s
  tls:
    ca_cert: /etc/ssl/certs/vault_ca_cert.pem
  token: VAULT_TOKEN
  version: v1
metadata:
  name: vault