Configuration¶
To use the Vault Autopilot CLI, you need to provide credentials to access your Vault server. This can be done through either a configuration file or environment variables.
Configuration File¶
If you choose to use a configuration file, simply specify the file’s path along with the –config flag before running any command. For example:
$ vault-autopilot --config "vault-autopilot.yaml" apply [ARGS]...
This tells the CLI to use the settings in your vault-autopilot.yaml file
when executing the apply command. Just be sure to replace
vault-autopilot.yaml with the actual path to your file.
Config File Example¶
Here’s an example of what your configuration file might look like:
baseUrl: "https://localhost:8200"
auth:
method: token
token: "<TOKEN>"
storage:
type: "kvv1-secret"
Environment Variables¶
Alternatively, you can set environment variables to configure the Vault Autopilot CLI.
Precedence¶
If both a configuration file and environment variables are provided, the environment variables will take precedence. This allows you to override specific settings in your configuration file with environment variables.
For example, if your vault-autopilot.yaml file contains:
baseUrl: "https://localhost:8200"
auth:
method: token
token: "<TOKEN>"
storage:
type: "kvv1-secret"
And you set the following environment variable:
export AUTH__TOKEN="<NEW_TOKEN>"
The NEW_TOKEN value will be used instead of the value in the
vault-autopilot.yaml file.
Configuration keys¶
This section documents all configuration keys, presented in JSON schema format:
{
"$defs": {
"KubernetesAuthMethod": {
"additionalProperties": false,
"properties": {
"mountPath": {
"title": "Mountpath",
"type": "string"
},
"role": {
"title": "Role",
"type": "string"
},
"jwt": {
"format": "password",
"title": "Jwt",
"type": "string",
"writeOnly": true
},
"method": {
"const": "kubernetes",
"enum": [
"kubernetes"
],
"title": "Method",
"type": "string"
}
},
"required": [
"mountPath",
"role",
"jwt",
"method"
],
"title": "KubernetesAuthMethod",
"type": "object"
},
"TokenAuthMethod": {
"additionalProperties": false,
"properties": {
"token": {
"format": "password",
"title": "Token",
"type": "string",
"writeOnly": true
},
"source": {
"default": "directvalue",
"enum": [
"directvalue",
"filebasedvalue"
],
"title": "Source",
"type": "string"
},
"method": {
"const": "token",
"enum": [
"token"
],
"title": "Method",
"type": "string"
}
},
"required": [
"token",
"method"
],
"title": "TokenAuthMethod",
"type": "object"
},
"VaultSecretStorage": {
"properties": {
"type": {
"const": "kvv1-secret",
"enum": [
"kvv1-secret"
],
"title": "Type",
"type": "string"
},
"secretsEnginePath": {
"default": "hqdncw.github.io/vault-autopilot/user-data",
"title": "Secretsenginepath",
"type": "string"
},
"snapshotsSecretPath": {
"default": "snapshots",
"title": "Snapshotssecretpath",
"type": "string"
}
},
"required": [
"type"
],
"title": "VaultSecretStorage",
"type": "object"
}
},
"additionalProperties": false,
"properties": {
"baseUrl": {
"title": "Baseurl",
"type": "string"
},
"storage": {
"$ref": "#/$defs/VaultSecretStorage"
},
"auth": {
"discriminator": {
"mapping": {
"kubernetes": "#/$defs/KubernetesAuthMethod",
"token": "#/$defs/TokenAuthMethod"
},
"propertyName": "method"
},
"oneOf": [
{
"$ref": "#/$defs/KubernetesAuthMethod"
},
{
"$ref": "#/$defs/TokenAuthMethod"
}
],
"title": "Auth"
},
"defaultNamespace": {
"default": "",
"title": "Defaultnamespace",
"type": "string"
}
},
"required": [
"baseUrl",
"storage",
"auth"
],
"title": "Settings",
"type": "object"
}