Vault-1.2

Introduction

Vault from HashiCorp is a tool for securely storing and accessing secrets. Vault provides a unified interface to any secret, while providing rigid access control and a detailed audit log. The AppZ platform provides Vault-1.2 as a core stateful component.

  1. Fully managed stateful Vault-1.2 deployment using GitOps from Client’s Git repository.
  2. Secure Secret Storage: Arbitrary key/value secrets can be stored in Vault. Vault encrypts these secrets prior to writing them to persistent storage.
  3. Vault-1.2 can automatically generate secure secrets for any application like MySQL, MariaDB, Spring Boot, Postgres and WordPress in case the secrets are not provided.
  4. Built-in logging and monitoring visualization through AppZ Dashboard.

This stack creates a Vault application using GitOps.

Pre-requisites

  • Set up AppZ Cluster: Install AppZ Cluster from AWS Marketplace. Find the instructions in our product documentation.

Sample Project

Vault - Use this sample project to deploy Vault-1.2.

If you fork Vault under your Git account, you will see the following appz.yml in the root of your project.

appz.yaml

app:
    name: Vault
    code: VAULT
    notify: appzdev@cloudbourne.co

build:
    version: 0.4
    env: DEV
    build_file: none
    output_files: output/*.zip
    image_template: vault-1.2

deploy:
    context: alpha/DEV
    type: statefulset
    replicas: 1
    port:
    - 80
    - 8200

volumes:
  - claim: vault-home
    mount: /appz/home
    name: home
    size: 5Gi
  - claim: vault-data
    mount: /appz/data
    name: data
    size: 5Gi

properties:
    revision: 24
    ENABLE_AUTO_PASSWORD: True

After forking the Vault application, add the app and acl records of the Vault application in the AppZ Dashboard. After adding the app and acl records, add the webhook. You can get the webhook in the Output section of the CloudFormation stack, at the end of AppZ Cluster creation. Follow the instructions here: how to add webhook. Make sure the content type is application/json.

Once the webhook is added, customize the following in the appz.yaml file and commit the changes.

  1. "notify" under app section: change the notify email to your email.

  2. "context" under deploy section: replace alpha with your GitID.
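A pre-commit check for the notify and context customizations listed above, as an added example (not part of the AppZ sample project): it flags an appz.yaml that still carries the sample notify address or the alpha context. The function names and the stdlib-only parser are assumptions for illustration, and the embedded input is constructed from the sample file on this page.

```python
import re

# Defaults shipped in the sample appz.yaml shown on this page.
SAMPLE_NOTIFY = "appzdev@cloudbourne.co"
SAMPLE_CONTEXT_OWNER = "alpha"

# Constructed input: the relevant part of the sample file, unmodified.
UNMODIFIED = """\
app:
    notify: appzdev@cloudbourne.co
deploy:
    context: alpha/DEV
    port:
    - 80
    - 8200
"""


def read_sections(text):
    """Parse the two-level 'section: / key: value' layout of appz.yaml."""
    # Not a general YAML parser: list items, empty values and inline
    # comments are not interpreted.
    sections, current = {}, None
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([A-Za-z_]\w*):\s*(.*?)\s*$", raw)
        if not m:
            continue  # blank lines, comment lines, "- item" list entries
        indent, key, value = m.groups()
        if not indent:
            current = sections.setdefault(key, {})
        elif current is not None and value:
            current[key] = value.strip("'\"")
    return sections


def check_customized(text):
    """Return a list of problems; empty means both fields were changed."""
    cfg = read_sections(text)
    notify = cfg.get("app", {}).get("notify", "")
    context = cfg.get("deploy", {}).get("context", "")
    problems = []
    if not notify or notify.lower() == SAMPLE_NOTIFY:
        problems.append("app.notify is unset or still the sample address")
    if not context or context.split("/", 1)[0] == SAMPLE_CONTEXT_OWNER:
        problems.append("deploy.context is unset or still starts with alpha")
    return problems
```

Call `check_customized(open("appz.yaml").read())` from a pre-commit hook and refuse the commit when the returned list is not empty.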

Properties

  • ENABLE_AUTO_PASSWORD - Set this option to True to get the auto-generated passwords.

Volumes

This is a stateful deployment, and volumes are created for /appz/home and /appz/data as per the volumes: section in appz.yml.

Standard AppZ Volumes are also enabled.