hashivault_pki_crl_rotate – Hashicorp Vault PKI Rotate CRLs

New in version 4.5.0.

Synopsis

  • This module forces a rotation of the CRL.

  • This can be used by administrators to cut the size of the CRL if it contains a number of certificates that have now expired, but has not been rotated due to no further certificates being revoked.

Requirements

The below requirements are needed on the host that executes this module.

  • hvac>=0.10.1

  • ansible>=2.0.0

  • requests

Parameters

Parameter Choices/Defaults Comments
authtype
-
    Choices:
  • token
  • userpass
  • github
  • ldap
  • approle
Default:
"token or environment variable `VAULT_AUTHTYPE`"
authentication type
aws_header
-
Default:
"to environment variable `VAULT_AWS_HEADER`"
X-Vault-AWS-IAM-Server-ID Header value to prevent replay attacks.
ca_cert
-
Default:
"to environment variable `VAULT_CACERT`"
Path to a PEM-encoded CA cert file to use to verify the Vault server TLS certificate
ca_path
-
Default:
"to environment variable `VAULT_CAPATH`"
Path to a directory of PEM-encoded CA cert files to verify the Vault server TLS certificate. If ca_cert is specified, its value will take precedence
client_cert
-
Default:
"to environment variable `VAULT_CLIENT_CERT`"
Path to a PEM-encoded client certificate for TLS authentication to the Vault server
client_key
-
Default:
"to environment variable `VAULT_CLIENT_KEY`"
Path to an unencrypted PEM-encoded private key matching the client certificate
login_mount_point
-
Default:
"value of authtype or environment varialbe `VAULT_LOGIN_MOUNT_POINT`"
authentication mount point
mount_point
-
Default:
"pki"
location where secrets engine is mounted. also known as path
namespace
-
Default:
"to environment variable VAULT_NAMESPACE"
namespace for vault
password
-
Default:
"to environment variable `VAULT_PASSWORD`"
password to login to vault.
token
-
Default:
"to environment variable `VAULT_TOKEN`"
token for vault
url
-
Default:
"to environment variable `VAULT_ADDR`"
url for vault
username
-
Default:
"to environment variable `VAULT_USER`"
username to login to vault.
verify
-
Default:
"to environment variable `VAULT_SKIP_VERIFY`"
If set, do not verify presented TLS certificate before communicating with Vault server. Setting this variable is not recommended except during testing

Examples

---
- hosts: localhost
  tasks:
    - hashivault_pki_crl_rotate:

Status

Authors

  • UNKNOWN

Hint

If you notice any issues in this documentation, you can edit this document to improve it.