| Parameter | Choices/Defaults | Comments |
|---|---|---|
| authtype | Choices: token, userpass, github, ldap, approle. Default: "token or environment variable `VAULT_AUTHTYPE`" | Authentication type. |
| aws_header | Default: "to environment variable `VAULT_AWS_HEADER`" | X-Vault-AWS-IAM-Server-ID header value to prevent replay attacks. |
| bind_secret_id | | Require secret_id to be presented when logging in using this AppRole. |
| bound_cidr_list | | Deprecated. Use token_bound_cidrs instead. Comma-separated string or list of CIDR blocks. |
| ca_cert | Default: "to environment variable `VAULT_CACERT`" | Path to a PEM-encoded CA cert file to use to verify the Vault server TLS certificate. |
| ca_path | Default: "to environment variable `VAULT_CAPATH`" | Path to a directory of PEM-encoded CA cert files to verify the Vault server TLS certificate. If ca_cert is specified, its value will take precedence. |
| client_cert | Default: "to environment variable `VAULT_CLIENT_CERT`" | Path to a PEM-encoded client certificate for TLS authentication to the Vault server. |
| client_key | Default: "to environment variable `VAULT_CLIENT_KEY`" | Path to an unencrypted PEM-encoded private key matching the client certificate. |
| enable_local_secret_ids | | If set, the secret IDs generated using this role will be cluster local. |
| login_mount_point | Default: "value of authtype or environment variable `VAULT_LOGIN_MOUNT_POINT`" | Authentication mount point. |
| mount_point | Default: "approle" | Mount point for the role. |
| name | | Role name. |
| namespace | Default: "to environment variable `VAULT_NAMESPACE`" | Namespace for Vault. |
| password | Default: "to environment variable `VAULT_PASSWORD`" | Password to log in to Vault. |
| period | | Duration of the token generated. |
| policies | | Policies for the role. |
| secret_id_bound_cidrs | | Comma-separated string or list of CIDR blocks. |
| secret_id_num_uses | | Number of times any particular SecretID can be used. |
| secret_id_ttl | | Duration after which any SecretID expires. |
| state | Default: "present" | present or absent |
| token | Default: "to environment variable `VAULT_TOKEN`" | Token for Vault. |
| token_bound_cidrs | | Comma-separated string or list of CIDR blocks. |
| token_explicit_max_ttl | | Encode this value onto the token. |
| token_max_ttl | | Duration after which the issued token can no longer be renewed. |
| token_no_default_policy | | Default policy will not be set on generated tokens. |
| token_num_uses | | Number of times issued tokens can be used. A value of 0 means unlimited uses. |
| token_period | | Duration of the token generated. |
| token_policies | | Policies for the role. |
| token_ttl | | Duration to set as the TTL for issued tokens and at renewal time. |
| token_type | | Type of token that should be generated, normally `service`, `batch` or `default`. |
| url | Default: "to environment variable `VAULT_ADDR`" | URL for Vault. |
| username | Default: "to environment variable `VAULT_USER`" | Username to log in to Vault. |
| verify | Default: "to environment variable `VAULT_SKIP_VERIFY`" | If set, do not verify presented TLS certificate before communicating with Vault server. Setting this variable is not recommended except during testing. |