open-consul/website/content/docs/k8s/deployment-configurations/vault/data-integration/snapshot-agent-config.mdx

102 lines
3.7 KiB
Plaintext
Raw Normal View History

Update k8s docs for Vault as a Secrets Backend (#12691) * Updating k8s Vault as a Secrets Backend docs * Moving files in data-integration folder * Updating routes to moved files * Removing known limitations since we have delivered them. * Revise overview page to point towards the System Integration and Data Integration pages. * Updating Systems Overview page * Making corrections to Overview and Systems Integration page * Updating Data Integration page * Gossip page * Enterprise Licensepage * Bootstrap Token * Replication Token * Revisions to bootrap, replication, and enterprise license * snapshot agent page. revisiions to other data integration pages * Consul Service Mesh TLS Provider page * ServerTLS page * Spelling, grammar errors * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Updating data center to datacenter * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * interim changes * more formatting changes * adding additional formatting changes * more formatting on systems integration page * remove TODO * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Adding partition token * removing dangling word * Adding missing navlink for partitions page * Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT. * Fixing broken links and ordering lists * Fixing broken links. Changing pre-requisites to prerequisites. Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 18:16:24 +00:00
---
layout: docs
page_title: Storing the Snapshot Agent Config in Vault
description: >-
Configuring the Consul Helm chart to use a snapshot agent config stored in Vault.
---
# Storing the Snapshot Agent Config in Vault
This topic describes how to configure the Consul Helm chart to use a snapshot agent config stored in Vault.
Update k8s docs for Vault as a Secrets Backend (#12691) * Updating k8s Vault as a Secrets Backend docs * Moving files in data-integration folder * Updating routes to moved files * Removing known limitations since we have delivered them. * Revise overview page to point towards the System Integration and Data Integration pages. * Updating Systems Overview page * Making corrections to Overview and Systems Integration page * Updating Data Integration page * Gossip page * Enterprise Licensepage * Bootstrap Token * Replication Token * Revisions to bootrap, replication, and enterprise license * snapshot agent page. revisiions to other data integration pages * Consul Service Mesh TLS Provider page * ServerTLS page * Spelling, grammar errors * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Updating data center to datacenter * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * interim changes * more formatting changes * adding additional formatting changes * more formatting on systems integration page * remove TODO * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Adding partition token * removing dangling word * Adding missing navlink for partitions page * Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT. * Fixing broken links and ordering lists * Fixing broken links. Changing pre-requisites to prerequisites. Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 18:16:24 +00:00
## Overview
To use an ACL replication token stored in Vault, follow the steps outlined in the [Data Integration](/docs/k8s/installation/vault/data-integration) section.
Update k8s docs for Vault as a Secrets Backend (#12691) * Updating k8s Vault as a Secrets Backend docs * Moving files in data-integration folder * Updating routes to moved files * Removing known limitations since we have delivered them. * Revise overview page to point towards the System Integration and Data Integration pages. * Updating Systems Overview page * Making corrections to Overview and Systems Integration page * Updating Data Integration page * Gossip page * Enterprise Licensepage * Bootstrap Token * Replication Token * Revisions to bootrap, replication, and enterprise license * snapshot agent page. revisiions to other data integration pages * Consul Service Mesh TLS Provider page * ServerTLS page * Spelling, grammar errors * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Updating data center to datacenter * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * interim changes * more formatting changes * adding additional formatting changes * more formatting on systems integration page * remove TODO * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Adding partition token * removing dangling word * Adding missing navlink for partitions page * Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT. * Fixing broken links and ordering lists * Fixing broken links. Changing pre-requisites to prerequisites. Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 18:16:24 +00:00
Complete the following steps once:
Update k8s docs for Vault as a Secrets Backend (#12691) * Updating k8s Vault as a Secrets Backend docs * Moving files in data-integration folder * Updating routes to moved files * Removing known limitations since we have delivered them. * Revise overview page to point towards the System Integration and Data Integration pages. * Updating Systems Overview page * Making corrections to Overview and Systems Integration page * Updating Data Integration page * Gossip page * Enterprise Licensepage * Bootstrap Token * Replication Token * Revisions to bootrap, replication, and enterprise license * snapshot agent page. revisiions to other data integration pages * Consul Service Mesh TLS Provider page * ServerTLS page * Spelling, grammar errors * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Updating data center to datacenter * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * interim changes * more formatting changes * adding additional formatting changes * more formatting on systems integration page * remove TODO * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Adding partition token * removing dangling word * Adding missing navlink for partitions page * Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT. * Fixing broken links and ordering lists * Fixing broken links. Changing pre-requisites to prerequisites. Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 18:16:24 +00:00
1. Store the secret in Vault.
1. Create a Vault policy that authorizes the desired level of access to the secret.
Repeat the following steps for each datacenter in the cluster:
Update k8s docs for Vault as a Secrets Backend (#12691) * Updating k8s Vault as a Secrets Backend docs * Moving files in data-integration folder * Updating routes to moved files * Removing known limitations since we have delivered them. * Revise overview page to point towards the System Integration and Data Integration pages. * Updating Systems Overview page * Making corrections to Overview and Systems Integration page * Updating Data Integration page * Gossip page * Enterprise Licensepage * Bootstrap Token * Replication Token * Revisions to bootrap, replication, and enterprise license * snapshot agent page. revisiions to other data integration pages * Consul Service Mesh TLS Provider page * ServerTLS page * Spelling, grammar errors * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Updating data center to datacenter * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * interim changes * more formatting changes * adding additional formatting changes * more formatting on systems integration page * remove TODO * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Adding partition token * removing dangling word * Adding missing navlink for partitions page * Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT. * Fixing broken links and ordering lists * Fixing broken links. Changing pre-requisites to prerequisites. Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 18:16:24 +00:00
1. Create Vault Kubernetes auth roles that link the policy to each Consul on Kubernetes service account that requires access.
1. Update the Consul on Kubernetes helm chart.
## Prerequisites
Prior to setting up the data integration between Vault and Consul on Kubernetes, you will need to have:
1. Read and completed the steps in the [Systems Integration](/docs/k8s/installation/vault/systems-integration) section of [Vault as a Secrets Backend](/docs/k8s/deployment-configurations/vault).
2. Read the [Data Integration Overview](/docs/k8s/installation/vault/data-integration) section of [Vault as a Secrets Backend](/docs/k8s/deployment-configurations/vault).
Update k8s docs for Vault as a Secrets Backend (#12691) * Updating k8s Vault as a Secrets Backend docs * Moving files in data-integration folder * Updating routes to moved files * Removing known limitations since we have delivered them. * Revise overview page to point towards the System Integration and Data Integration pages. * Updating Systems Overview page * Making corrections to Overview and Systems Integration page * Updating Data Integration page * Gossip page * Enterprise Licensepage * Bootstrap Token * Replication Token * Revisions to bootrap, replication, and enterprise license * snapshot agent page. revisiions to other data integration pages * Consul Service Mesh TLS Provider page * ServerTLS page * Spelling, grammar errors * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Updating data center to datacenter * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * interim changes * more formatting changes * adding additional formatting changes * more formatting on systems integration page * remove TODO * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Adding partition token * removing dangling word * Adding missing navlink for partitions page * Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT. * Fixing broken links and ordering lists * Fixing broken links. Changing pre-requisites to prerequisites. Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 18:16:24 +00:00
## Store the Secret in Vault
Update k8s docs for Vault as a Secrets Backend (#12691) * Updating k8s Vault as a Secrets Backend docs * Moving files in data-integration folder * Updating routes to moved files * Removing known limitations since we have delivered them. * Revise overview page to point towards the System Integration and Data Integration pages. * Updating Systems Overview page * Making corrections to Overview and Systems Integration page * Updating Data Integration page * Gossip page * Enterprise Licensepage * Bootstrap Token * Replication Token * Revisions to bootrap, replication, and enterprise license * snapshot agent page. revisiions to other data integration pages * Consul Service Mesh TLS Provider page * ServerTLS page * Spelling, grammar errors * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Updating data center to datacenter * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * interim changes * more formatting changes * adding additional formatting changes * more formatting on systems integration page * remove TODO * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Adding partition token * removing dangling word * Adding missing navlink for partitions page * Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT. * Fixing broken links and ordering lists * Fixing broken links. Changing pre-requisites to prerequisites. Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 18:16:24 +00:00
First, store the snapshot agent config in Vault:
```shell-session
$ vault kv put secret/consul/snapshot-agent-config key="<snapshot agent JSON config>"
```
## Create Vault policy
Update k8s docs for Vault as a Secrets Backend (#12691) * Updating k8s Vault as a Secrets Backend docs * Moving files in data-integration folder * Updating routes to moved files * Removing known limitations since we have delivered them. * Revise overview page to point towards the System Integration and Data Integration pages. * Updating Systems Overview page * Making corrections to Overview and Systems Integration page * Updating Data Integration page * Gossip page * Enterprise Licensepage * Bootstrap Token * Replication Token * Revisions to bootrap, replication, and enterprise license * snapshot agent page. revisiions to other data integration pages * Consul Service Mesh TLS Provider page * ServerTLS page * Spelling, grammar errors * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Updating data center to datacenter * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * interim changes * more formatting changes * adding additional formatting changes * more formatting on systems integration page * remove TODO * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Adding partition token * removing dangling word * Adding missing navlink for partitions page * Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT. * Fixing broken links and ordering lists * Fixing broken links. Changing pre-requisites to prerequisites. Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 18:16:24 +00:00
Next, you will need to create a policy that allows read access to this secret.
Update k8s docs for Vault as a Secrets Backend (#12691) * Updating k8s Vault as a Secrets Backend docs * Moving files in data-integration folder * Updating routes to moved files * Removing known limitations since we have delivered them. * Revise overview page to point towards the System Integration and Data Integration pages. * Updating Systems Overview page * Making corrections to Overview and Systems Integration page * Updating Data Integration page * Gossip page * Enterprise Licensepage * Bootstrap Token * Replication Token * Revisions to bootrap, replication, and enterprise license * snapshot agent page. revisiions to other data integration pages * Consul Service Mesh TLS Provider page * ServerTLS page * Spelling, grammar errors * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Updating data center to datacenter * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * interim changes * more formatting changes * adding additional formatting changes * more formatting on systems integration page * remove TODO * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Adding partition token * removing dangling word * Adding missing navlink for partitions page * Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT. * Fixing broken links and ordering lists * Fixing broken links. Changing pre-requisites to prerequisites. Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 18:16:24 +00:00
The path to the secret referenced in the `path` resource is the same values that you will configure in the `client.snapshotAgent.configSecret.secretName` Helm configuration (refer to [Update Consul on Kubernetes Helm chart](#update-consul-on-kubernetes-helm-chart)).
Update k8s docs for Vault as a Secrets Backend (#12691) * Updating k8s Vault as a Secrets Backend docs * Moving files in data-integration folder * Updating routes to moved files * Removing known limitations since we have delivered them. * Revise overview page to point towards the System Integration and Data Integration pages. * Updating Systems Overview page * Making corrections to Overview and Systems Integration page * Updating Data Integration page * Gossip page * Enterprise Licensepage * Bootstrap Token * Replication Token * Revisions to bootrap, replication, and enterprise license * snapshot agent page. revisiions to other data integration pages * Consul Service Mesh TLS Provider page * ServerTLS page * Spelling, grammar errors * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Updating data center to datacenter * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * interim changes * more formatting changes * adding additional formatting changes * more formatting on systems integration page * remove TODO * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Adding partition token * removing dangling word * Adding missing navlink for partitions page * Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT. * Fixing broken links and ordering lists * Fixing broken links. Changing pre-requisites to prerequisites. Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 18:16:24 +00:00
<CodeBlockConfig filename="snapshot-agent-config-policy.hcl">
```HCL
path "secret/data/consul/snapshot-agent-config" {
capabilities = ["read"]
}
```
</CodeBlockConfig>
Apply the Vault policy by issuing the `vault policy write` CLI command:
```shell-session
$ vault policy write snapshot-agent-config-policy snapshot-agent-config-policy.hcl
```
## Create Vault Authorization Roles for Consul
Update k8s docs for Vault as a Secrets Backend (#12691) * Updating k8s Vault as a Secrets Backend docs * Moving files in data-integration folder * Updating routes to moved files * Removing known limitations since we have delivered them. * Revise overview page to point towards the System Integration and Data Integration pages. * Updating Systems Overview page * Making corrections to Overview and Systems Integration page * Updating Data Integration page * Gossip page * Enterprise Licensepage * Bootstrap Token * Replication Token * Revisions to bootrap, replication, and enterprise license * snapshot agent page. revisiions to other data integration pages * Consul Service Mesh TLS Provider page * ServerTLS page * Spelling, grammar errors * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Updating data center to datacenter * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * interim changes * more formatting changes * adding additional formatting changes * more formatting on systems integration page * remove TODO * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Adding partition token * removing dangling word * Adding missing navlink for partitions page * Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT. * Fixing broken links and ordering lists * Fixing broken links. Changing pre-requisites to prerequisites. Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 18:16:24 +00:00
Next, you will create a Kubernetes auth role for the Consul snapshot agent:
```shell-session
$ vault write auth/kubernetes/role/consul-server \
bound_service_account_names=<Consul snapshot agent service account> \
bound_service_account_namespaces=<Consul installation namespace> \
policies=snapshot-agent-config-policy \
ttl=1h
```
To find out the service account name of the Consul snapshot agent,
you can run the following `helm template` command with your Consul on Kubernetes values file:
```shell-session
$ helm template --release-name ${RELEASE_NAME} -s templates/client-snapshot-agent-serviceaccount.yaml hashicorp/consul
```
## Update Consul on Kubernetes Helm chart
Update k8s docs for Vault as a Secrets Backend (#12691) * Updating k8s Vault as a Secrets Backend docs * Moving files in data-integration folder * Updating routes to moved files * Removing known limitations since we have delivered them. * Revise overview page to point towards the System Integration and Data Integration pages. * Updating Systems Overview page * Making corrections to Overview and Systems Integration page * Updating Data Integration page * Gossip page * Enterprise Licensepage * Bootstrap Token * Replication Token * Revisions to bootrap, replication, and enterprise license * snapshot agent page. revisiions to other data integration pages * Consul Service Mesh TLS Provider page * ServerTLS page * Spelling, grammar errors * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Updating data center to datacenter * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * interim changes * more formatting changes * adding additional formatting changes * more formatting on systems integration page * remove TODO * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Adding partition token * removing dangling word * Adding missing navlink for partitions page * Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT. * Fixing broken links and ordering lists * Fixing broken links. Changing pre-requisites to prerequisites. Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 18:16:24 +00:00
Now that you have configured Vault, you can configure the Consul Helm chart to
use the snapshot agent configuration in Vault:
Update k8s docs for Vault as a Secrets Backend (#12691) * Updating k8s Vault as a Secrets Backend docs * Moving files in data-integration folder * Updating routes to moved files * Removing known limitations since we have delivered them. * Revise overview page to point towards the System Integration and Data Integration pages. * Updating Systems Overview page * Making corrections to Overview and Systems Integration page * Updating Data Integration page * Gossip page * Enterprise Licensepage * Bootstrap Token * Replication Token * Revisions to bootrap, replication, and enterprise license * snapshot agent page. revisiions to other data integration pages * Consul Service Mesh TLS Provider page * ServerTLS page * Spelling, grammar errors * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/index.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/server-tls.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/gossip.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/snapshot-agent-config.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/bootstrap-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/connect-ca.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/enterprise-license.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/data-integration/replication-token.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Updating data center to datacenter * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * interim changes * more formatting changes * adding additional formatting changes * more formatting on systems integration page * remove TODO * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: David Yu <dyu@hashicorp.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/index.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Update website/content/docs/k8s/installation/vault/systems-integration.mdx Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com> * Adding partition token * removing dangling word * Adding missing navlink for partitions page * Adding VAULT_TOKEN documentation and a note to VAULT_ADDR about https and the possible need for the VAULT_CACERT. * Fixing broken links and ordering lists * Fixing broken links. Changing pre-requisites to prerequisites. Co-authored-by: David Yu <dyu@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-04-07 18:16:24 +00:00
<CodeBlockConfig filename="values.yaml">
```yaml
global:
secretsBackend:
vault:
enabled: true
consulSnapshotAgentRole: snapshot-agent
client:
snapshotAgent:
configSecret:
secretName: secret/data/consul/snapshot-agent-config
secretKey: key
```
</CodeBlockConfig>
Note that `client.snapshotAgent.configSecret.secretName` is the path of the secret in Vault.
This should be the same path as the one you included in your Vault policy.
`client.snapshotAgent.configSecret.secretKey` is the key inside the secret data. This should be the same
as the key you passed when creating the snapshot agent config secret in Vault.