Skip to content

Commit

Permalink
update docs
Browse files Browse the repository at this point in the history
  • Loading branch information
ltamaster committed Jan 7, 2021
1 parent c84bdb4 commit e21ccbc
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 5 deletions.
42 changes: 40 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -169,7 +169,7 @@ Default value: 1
### Configuration Examples
* **example basic settings**
#### **example basic settings**
```
rundeck.storage.provider.1.type=vault-storage
rundeck.storage.provider.1.path=keys
Expand All @@ -179,7 +179,7 @@ rundeck.storage.provider.1.config.address=$VAULT_URL
rundeck.storage.provider.1.config.token=$VAULT_TOKEN
```
* **existing vault storage**
#### **existing vault storage**
For existing vault storage, probably you will need to remove the default `keys` path added by default for rundeck.
You can use these settings for an existing vault storage:
Expand All @@ -194,6 +194,44 @@ rundeck.storage.provider.1.config.token=$VAULT_TOKEN
rundeck.storage.provider.1.config.storageBehaviour=vault
```
#### **Using APPROLE authentication**
You can use these settings for an existing vault storage:
```
rundeck.storage.provider.1.type=vault-storage
rundeck.storage.provider.1.path=keys
rundeck.storage.provider.1.config.prefix=app
rundeck.storage.provider.1.config.secretBackend=secret
rundeck.storage.provider.1.config.address=$VAULT_URL
rundeck.storage.provider.1.config.engineVersion=2
rundeck.storage.provider.1.config.storageBehaviour=vault

#auth
rundeck.storage.provider.1.config.authBackend=approle
rundeck.storage.provider.1.config.approleAuthMount=approle
rundeck.storage.provider.1.config.approleId=$VAULT_APPROLE_ID
rundeck.storage.provider.1.config.approleSecretId=$VAULT_APPROLE_SECRET_ID

#timeouts
rundeck.storage.provider.1.config.maxRetries=500
rundeck.storage.provider.1.config.retryIntervalMilliseconds=2
rundeck.storage.provider.1.config.openTimeout=2500
rundeck.storage.provider.1.config.readTimeout=2500
```
**Enabling APPROLE Vault using API**
```
curl --header "X-Vault-Token: $TOKEN" --request POST --data '{"type": "approle"}' http://localhost:8200/v1/sys/auth/approle
curl --header "X-Vault-Token: $TOKEN" --request POST --data '{"policies": "rundeck", "token_ttl": "2m", "token_max_ttl": "2m"}' http://localhost:8200/v1/auth/approle/role/rundeck
# get $VAULT_APPROLE_ID
curl --header "X-Vault-Token: $TOKEN" http://localhost:8200/v1/auth/approle/role/rundeck/role-id | jq
# get $VAULT_APPROLE_SECRET_ID
curl --header "X-Vault-Token: $TOKEN" --request POST http://localhost:8200/v1/auth/approle/role/rundeck/secret-id | jq
```
## Vault API versions
Since version 1.3.1, this plugin can work with `kV Secrets Engine - Version 2`.
Expand Down
6 changes: 3 additions & 3 deletions docker/docker-compose.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -34,12 +34,12 @@ services:
- RUNDECK_STORAGE_PROVIDER_1_TYPE=vault-storage
- RUNDECK_STORAGE_PROVIDER_1_PATH=keys
- RUNDECK_STORAGE_PROVIDER_1_REMOVEPATHPREFIX=true
- RUNDECK_STORAGE_PROVIDER_1_CONFIG_SECRETBACKEND=kv
- RUNDECK_STORAGE_PROVIDER_1_CONFIG_PREFIX=test
- RUNDECK_STORAGE_PROVIDER_1_CONFIG_SECRETBACKEND=secret
- RUNDECK_STORAGE_PROVIDER_1_CONFIG_PREFIX=app
- RUNDECK_STORAGE_PROVIDER_1_CONFIG_ADDRESS=http://vault:8200
- RUNDECK_STORAGE_PROVIDER_1_CONFIG_TOKEN=${VAULT_TOKEN}
- RUNDECK_STORAGE_PROVIDER_1_CONFIG_BEHAVIOUR=vault
- RUNDECK_STORAGE_PROVIDER_1_CONFIG_ENGINEVERSION=1
- RUNDECK_STORAGE_PROVIDER_1_CONFIG_ENGINEVERSION=2
- RUNDECK_STORAGE_PROVIDER_1_CONFIG_MAXRETRIES=500
- RUNDECK_STORAGE_PROVIDER_1_CONFIG_RETRYINTERVAL=2
- RUNDECK_STORAGE_PROVIDER_1_CONFIG_OPENTIMEOUT=2500
Expand Down

0 comments on commit e21ccbc

Please sign in to comment.