Runner functions supporting the Vault modules. Configuration instructions are documented in the execution module docs.
SaltStack
new
all
Simulates a pillar dictionary. Only compiles the pillar once an item is requested.
Generate a Vault token for minion minion_id
The id of the minion that requests a token
Cryptographic signature which validates that the request is indeed sent by the minion (or the master, see impersonated_by_master).
If the master needs to create a token on behalf of the minion, this is True. This happens when the master generates minion pillars.
Ticket time to live in seconds, 1m minutes, or 2h hrs
Number of times a token can be used
Show the Vault policies that are applied to tokens for the given minion.
The minion's id.
Whether to refresh the pillar data when rendering templated policies.
None will only refresh when the cached data is unavailable, boolean values
force one behavior always.
Defaults to config value policies_refresh_pillar
or None.
Policy computation can be heavy in case pillar data is used in templated policies and
it has not been cached. Therefore, a short-lived cache specifically for rendered policies
is used. This specifies the expiration timeout in seconds.
Defaults to config value policies_cache_time
or 60.
CLI Example:
salt-run vault.show_policies myminion
Unseal Vault server
This function uses the 'keys' from the 'vault' configuration to unseal vault server
n63/TbrQuL3xaIW7ZZpuXj/tIfnK1/MbVxO4vT3wYD2A
S9OwCvMRhErEA4NVVELYBs6w/Me6+urgUr24xGK44Uy3
F1j4b7JKq850NS6Kboiy5laJ0xY8dWJvB3fcwA+SraYl
1cYtvjKJNDVam9c7HNqJUfINk4PYyAXIpjkpN/sIuzPv
3pPK5X6vGtwLhNOFv1U2elahECz3HpRUfNXJFYLw6lid
CLI Examples:
salt-run vault.unseal