Forge Home


Sets up Vault with Consul as its secret backend

Induja Vijayaragavan



6,390 latest version

4.6 quality score

Version information

  • 0.2.3 (latest)
  • 0.2.2
  • 0.2.1
  • 0.2.0
  • 0.1.9
  • 0.1.8
  • 0.1.7
  • 0.1.6
released Jan 6th 2017
This version is compatible with:
  • RedHat

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'induja-vault_setup', '0.2.3'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add induja-vault_setup
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install induja-vault_setup --version 0.2.3

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



induja/vault_setup — version 0.2.3 Jan 6th 2017



This module installs unzip and vault in the node.

This module creates the vault server configuration file with consul secret backend.

This module sets the VAULT_ADDR= so we can interact with vault without SSL keys.


1) Consul should be installed and up and running in the node that you are trying to test.

2) Proxy is added and is all set.

3) Stahnma/epel module should be installed through r10k control repo or Librarian puppet or manually.

4) puppetlabs/stdlib module should be installed.


class { '::vault_setup': 
  vault_binary_file => '',
  source_file => '',
  cdadmin_path => '/opt/cdadmin/bin',

Parameters you need to pass for this class:

  $vault_binary_file - The binary file name for vault installation. Default:

  $source_file - source file for vault installation. Default: ''

  $cdadmin_path - The path for placing all the executables like vault-config.hcl,,, one_time_install. Default: '/opt/cdadmin/bin' 

The above mentioned arguments are the defaults.

Things to do after this module is installed:

1) Modify $cdadmin_path/vault-config.hcl to add your consul write ACL token so vault can interact with consul backend.

2) Login to the node that used this module for vault installation

2) export VAULT_ADDR=

3) vault server -config /opt/cdadmin/bin/vault-config.hcl &

4) vault status

This should show that vault is sealed.

5) vault unseal

Enter key1

6) vault unseal

Enter key2

7) vault unseal

Enter key3

8) Now the new node has vault service started and is up and running.

9) If an existing node goes away, this new node automatically gets elected as the vault server in the cluster.

Word of Caution:

This is intended only for dev and test environments, please do not use it on production environment boxes as SSL keys are not configured yet. Use the ssl certs and https when you are production ready and have working certificates for your environments.