This repository is no longer supported; please consider using this repository for the latest and most supported version of Vault.
Moving forward, this repository will no longer be supported and will eventually be deprecated. Please use the latest versions of our products, or alternatively fork this repository to continue using and developing it for your personal or business needs.
install-vault: This module can be used to install Vault. It can be used in a Packer template to create a Vault Google Image.
run-vault: This module can be used to configure and run Vault. It can be used in a Startup Script to fire up Vault while the server is booting.
install-nginx: This module can be used to install Nginx. It can be used in a Packer template to create a Vault Google Image. This module is only necessary when using a Load Balancer which requires a Health Checker.
run-nginx: This module can be used to configure and run Nginx. It can be used in a Startup Script to launch Nginx while the server is booting.
private-tls-cert: Generate a private TLS certificate for use with a private Vault cluster.
update-certificate-store: Add a trusted CA public key to an OS's certificate store. This allows you to establish TLS connections to services that use TLS certs signed by this CA without getting x509 certificate errors.
What's a Terraform Module?
A Terraform Module refers to a self-contained package of Terraform configurations that is managed as a group. This repo is a Terraform Module and contains many "submodules" which can be composed together to create useful infrastructure patterns.
Who created this Module?
These modules were created by Gruntwork, in partnership with HashiCorp, in 2017 and maintained through 2021. They were deprecated in 2022 in favor of newer alternatives (see the top of the README for details).
modules: This folder contains the reusable code for this Terraform Module, broken down into one or more submodules.
examples: This folder contains examples of how to use the submodules.
test: Automated tests for the submodules and examples.
Click on each of the submodules above for more details.
To deploy Vault with this Terraform Module, you will need to deploy two separate clusters: one to run Consul servers (which Vault uses as a high availability backend) and one to run Vault servers.
Create a Google Image that has Vault installed (using the install-vault module) and the Consul agent installed (using the install-consul module). Here is an example Packer template. Google Cloud does not allow the creation of public Images, so you must create this Image on your own to proceed!
Deploy that Image across a Managed Instance Group using the Terraform vault-cluster module.
TODO: Accessing the cluster through SSH
Execute the run-consul script with the --client flag during boot on each Instance to have the Consul agent connect to the Consul server cluster.
Execute the run-vault script during boot on each Instance to create the Vault cluster.
If you only need to access Vault from inside your GCP account (recommended), run the install-dnsmasq module on each server, and that server will be able to reach Vault using the Consul Server cluster as the DNS resolver (e.g. using an address like vault.service.consul). See the vault-cluster-private example for working sample code.
If you need to access Vault from the public Internet, deploy the vault-lb-fr module and have all requests to Vault go through the Load Balancer. See the vault-cluster-public example for working sample code.
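The boot-time steps above (run the Consul agent with --client, then run Vault) can be tied together in one Startup Script that also waits for Vault to report healthy before the instance is considered up. The script below is an added example written for this README; it is not code from the terraform-google-vault repository. It assumes the install-consul and install-vault modules placed run-consul and run-vault at the paths in RUN_CONSUL and RUN_VAULT (those paths are assumptions, override them via the environment), that Vault's API listens locally on port 8200, and that the CA used by private-tls-cert has already been added to the OS trust store with update-certificate-store, so curl does not need to skip verification. The HTTP status codes it interprets are the documented defaults of Vault's /v1/sys/health endpoint.

```shell
#!/bin/sh
# Added example startup script: join Consul as a client, start Vault,
# then poll Vault's health endpoint until the node is serving requests.
# Not part of the original repository. Paths below are assumptions.
set -eu

RUN_CONSUL="${RUN_CONSUL:-/opt/consul/bin/run-consul}"   # assumed install path
RUN_VAULT="${RUN_VAULT:-/opt/vault/bin/run-vault}"       # assumed install path
VAULT_ADDR="${VAULT_ADDR:-https://127.0.0.1:8200}"       # assumed local API address

# Map an HTTP status from GET /v1/sys/health to a readable node state.
# These are Vault's documented default status codes for that endpoint.
vault_health_state() {
  case "$1" in
    200) echo "active" ;;
    429) echo "standby" ;;
    472) echo "dr-secondary" ;;
    473) echo "performance-standby" ;;
    501) echo "uninitialized" ;;
    503) echo "sealed" ;;
    *)   echo "unknown" ;;
  esac
}

# Succeed (exit 0) only when the node can answer client requests.
# An uninitialized or sealed node is "up" as a process but not usable.
vault_is_serving() {
  case "$(vault_health_state "$1")" in
    active|standby|performance-standby) return 0 ;;
    *) return 1 ;;
  esac
}

# Poll the health endpoint every 2 seconds, up to $1 attempts.
# TLS is verified against the OS trust store (see update-certificate-store).
wait_for_vault() {
  attempts="${1:-30}"
  i=0
  while [ "$i" -lt "$attempts" ]; do
    code="$(curl -s -o /dev/null -w '%{http_code}' \
      "$VAULT_ADDR/v1/sys/health" || echo 000)"
    echo "vault health: HTTP $code ($(vault_health_state "$code"))"
    if vault_is_serving "$code"; then return 0; fi
    i=$((i + 1))
    sleep 2
  done
  echo "vault did not become ready after $attempts attempts" >&2
  return 1
}

main() {
  # Step 1: connect this instance's Consul agent to the Consul server cluster.
  "$RUN_CONSUL" --client
  # Step 2: start Vault; pass whatever TLS and storage flags your deployment uses.
  "$RUN_VAULT" "$@"
  # Step 3: block until the node is serving (or fail loudly for the boot log).
  wait_for_vault 30
}

# The boot sequence only runs when invoked as "startup.sh boot ...", so the
# helper functions can be sourced and checked without touching the system.
case "${1:-}" in
  boot) shift; main "$@" ;;
esac
```

Invoke it from the instance's Startup Script as startup.sh boot followed by the run-vault arguments your cluster needs; exit status 1 from wait_for_vault makes a sealed or uninitialized node visible in the boot log instead of silently passing.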
See the root-example for the fastest way to try out this Module.
How is this Module versioned?
This Terraform Module follows the principles of Semantic Versioning. You can find each new release,
along with the changelog, in the Releases Page.
During initial development, the major version will be 0 (e.g., 0.x.y), which indicates the code does not yet have a
stable API. Once we hit 1.0.0, we will make every effort to maintain a backwards compatible API and use the MAJOR,
MINOR, and PATCH versions on each release to indicate any incompatibilities.
License
This code is released under the Apache 2.0 License. Please see LICENSE and NOTICE for more details.