Package Details: vault 0.7.2-1

Git Clone URL: https://aur.archlinux.org/vault.git (read-only)
Package Base: vault
Description: A tool for managing secrets
Upstream URL: https://vaultproject.io/
Keywords: daemon secret storage
Licenses: MPL
Conflicts: vault-git
Submitter: None
Maintainer: aperez
Last Packager: aperez
Votes: 8
Popularity: 0.081634
First Submitted: 2012-01-30 10:44
Last Updated: 2017-05-09 11:18

Latest Comments

aperez commented on 2017-04-18 08:56

@BombStrike: The “setcap” invocation is always done in the “vault.install” script. It seems more appropriate to do it only once as a post-installation action than every time the service gets started. Also, using the post-install script the “setcap” is effective also for people launching the daemon without using systemd.

BombStrike commented on 2017-04-18 02:09

Hi, another suggestion would also be to add the following lines to the [Service] block in the service file:

PermissionsStartOnly=true
ExecStartPre=/sbin/setcap 'cap_ipc_lock=+ep' /usr/bin/vault

This will allow vault to call mlock and prevent it from ever writing to any memory space that might be stored on disk (like swap).

See https://www.vaultproject.io/docs/configuration/#disable_mlock
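Whichever way the capability is applied (unit file or post-install script), the result can be checked on the running daemon. The following is an added example, not part of the comments or of the package: it tests the CapEff mask from /proc/<pid>/status for CAP_IPC_LOCK (bit 14). The function names and the sample status text are constructed for illustration.

```sh
#!/bin/sh
# Added example: does a process hold CAP_IPC_LOCK, which lets it mlock()
# memory beyond RLIMIT_MEMLOCK? Works on /proc/<pid>/status-style text.

CAP_IPC_LOCK_BIT=14   # CAP_IPC_LOCK in <linux/capability.h>

# has_ipc_lock HEXMASK: succeeds if bit 14 is set in a CapEff-style mask.
has_ipc_lock() {
    [ -n "$1" ] || return 2          # no mask found in the input
    mask=$((0x$1))
    [ $(( (mask >> CAP_IPC_LOCK_BIT) & 1 )) -eq 1 ]
}

# status_field NAME: print the first value of "NAME:" read from stdin.
status_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# check_status: read status text on stdin and print a verdict.
# Returns 0 when the capability is effective, 1 otherwise.
check_status() {
    status=$(cat)
    capeff=$(printf '%s\n' "$status" | status_field CapEff)
    vmlck=$(printf '%s\n' "$status" | status_field VmLck)
    if has_ipc_lock "$capeff"; then
        echo "ok: CAP_IPC_LOCK effective, VmLck=${vmlck} kB"
    else
        echo "warn: CAP_IPC_LOCK not effective (CapEff=${capeff}), VmLck=${vmlck} kB"
        return 1
    fi
}

# Constructed samples (not captured from a real host).
SAMPLE_WITH_CAP='Name:   vault
VmLck:     65536 kB
CapEff: 0000000000004000'

SAMPLE_WITHOUT_CAP='Name:   vault
VmLck:         0 kB
CapEff: 0000000000000000'

printf '%s\n' "$SAMPLE_WITH_CAP" | check_status
printf '%s\n' "$SAMPLE_WITHOUT_CAP" | check_status || true
```

On a live host, feed it `/proc/$(pidof vault)/status` instead of the samples; `getcap /usr/bin/vault` shows the file capability itself.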

aperez commented on 2017-04-17 13:31

@leothrix: Thanks again for suggesting improvements! Version 0.7.0-3 includes the change to have SIGHUP sent to Vault on reload.

leothrix commented on 2017-04-16 02:00

Hey, I've got another one for you! Per the Vault documentation:

https://www.vaultproject.io/docs/configuration/index.html

The vault daemon supports reloading TLS certificates and keys by acknowledging HUP signals. Thus the following [Service] stanza would be really useful for the packaged systemd unit:

ExecReload=/usr/bin/kill --signal HUP $MAINPID

(I think that's right, not sure whether to use /bin/kill for example.)

aperez commented on 2017-03-23 16:11

@leothrix: That makes total sense, I have just updated the package, and starting from version 0.7.0-2 the PKGBUILD has “backup=('etc/vault.hcl')”, which prevents the configuration file from being overwritten on package upgrades. Thanks for the suggestion!

leothrix commented on 2017-03-22 18:59

Could we get the vault.hcl config file marked to be backed up in the PKGBUILD? It overwrites my configuration on every upgrade, which is... less than ideal.

xiong.chiamiov commented on 2016-06-17 18:32

FYI there is now a low-traffic announce list: https://groups.google.com/forum/#!forum/hashicorp-announce

aperez commented on 2015-10-22 10:08

@ainola: Good point. Somehow I was thinking that “godep” itself would have a depends on “go”, but it has a makedepends only. I have added the “go” dependency as suggested and pushed the changes. Thanks for the report!

ainola commented on 2015-10-21 23:23

I had to install the package 'go' to get this to build. Otherwise I was getting 'go: command not found'.

ainola commented on 2015-10-21 23:13

Great, thanks!
