3c683dba92
This PR adds a new Storage Backend for Triton's Object Storage - Manta

```
make testacc TEST=./physical/manta
==> Checking that code complies with gofmt requirements...
==> Checking that build is using go version >= 1.9.1...
go generate
VAULT_ACC=1 go test -tags='vault' ./physical/manta -v -timeout 45m
=== RUN TestMantaBackend
--- PASS: TestMantaBackend (61.18s)
PASS
ok github.com/hashicorp/vault/physical/manta 61.210s
```

Manta behaves differently to how S3 works - it has no such concepts of Buckets - it is merely a filesystem style object store.

Therefore, we have chosen the approach of when writing a secret `foo` it will actually map (on disk) as `foo/.vault_value`.

The reason for this is because if we write the secret `foo/bar` and then try and Delete a key using the name `foo` then Manta will complain that the folder is not empty because `foo/bar` exists. Therefore, `foo/bar` is written as `foo/bar/.vault_value`.

The value of the key is *always* written to a directory tree of the name and put in a `.vault_value` file.
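The key layout described in the commit message above, as an added Go example that is not part of the PR or of Vault's code. `fsStore` is a constructed in-memory model of a filesystem-style store, and `objectPath`, `naiveDelete`, `mappedDelete` and the `vault` directory name are hypothetical.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// valueFile is the file name the commit message says every value is written to.
const valueFile = ".vault_value"

// objectPath maps a Vault key to the object holding its value, e.g.
// "foo/bar" -> "<dir>/foo/bar/.vault_value".
func objectPath(dir, key string) string {
	return path.Join(dir, key, valueFile)
}

// fsStore is a constructed in-memory model of a filesystem-style object
// store: a path with objects beneath it is a directory and cannot be deleted.
type fsStore map[string][]byte

func (s fsStore) put(p string, v []byte) { s[p] = v }

func (s fsStore) del(p string) error {
	for other := range s {
		if strings.HasPrefix(other, p+"/") {
			return fmt.Errorf("%s: directory not empty", p)
		}
	}
	delete(s, p)
	return nil
}

// naiveDelete stores keys at their own path and deletes "foo" while "foo/bar" exists.
func naiveDelete() error {
	s := fsStore{}
	s.put("vault/foo/bar", []byte("b"))
	return s.del("vault/foo")
}

// mappedDelete does the same with every value under <key>/.vault_value.
func mappedDelete() (fsStore, error) {
	s := fsStore{}
	s.put(objectPath("vault", "foo"), []byte("a"))
	s.put(objectPath("vault", "foo/bar"), []byte("b"))
	return s, s.del(objectPath("vault", "foo"))
}

func main() {
	fmt.Println("naive: ", naiveDelete())
	_, err := mappedDelete()
	fmt.Println("mapped:", err)
}
```

With the mapping, deleting `foo` removes only `foo/.vault_value`, so the value stored for `foo/bar` is untouched.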
67 lines
2.4 KiB
Markdown
---
layout: "docs"
page_title: "Manta - Storage Backends - Configuration"
sidebar_current: "docs-configuration-storage-manta"
description: |-
  The Manta storage backend is used to persist Vault's data in Triton's Manta Object
  Storage. The storage folder must already exist.
---

# Manta Storage Backend

The Manta storage backend is used to persist Vault's data in [Triton's Manta Object
Storage][manta-object-store]. The storage folder must already exist.

- **No High Availability** – the Manta storage backend does not support high
  availability.

- **Community Supported** – the Manta storage backend is supported by the
  community. While it has undergone review by HashiCorp employees, they may not
  be as knowledgeable about the technology. If you encounter problems with it,
  you may be referred to the original author.

```hcl
storage "manta" {
  directory = "manta-directory"
  user      = "myuser"
  key_id    = "40:9d:d3:f9:0b:86:62:48:f4:2e:a5:8e:43:00:2a:9b"
}
```

## `manta` Parameters

- `directory` `(string: <required>)` – Specifies the name of the Manta directory to use.
  This will be in the `/stor/` folder in the specific Manta account.

The following settings are used for authenticating to Manta.

- `user` `(string: <required>)` – Specifies the Manta user account name. This can also be provided via
  the environment variable `MANTA_USER`.

- `key_id` `(string: <required>)` – The fingerprint of the public key of the SSH key pair to use for authentication with the Manta API.
  It is assumed that the SSH agent has the private key corresponding to this key ID loaded. This can also be provided
  via the environment variable `MANTA_KEY_ID`.

- `subuser` – The name of a subuser that has been granted access to the Manta account. This can also be
  provided via the environment variable `MANTA_SUBUSER`.

- `url` – Specifies the Manta URL. Defaults to `https://us-east.manta.joyent.com`. This can also be provided via
  the environment variable `MANTA_URL`.

- `max_parallel` `(string: "128")` – Specifies the maximum number of concurrent
  requests to Manta.

## `manta` Examples

This example shows configuring the Manta storage backend with a custom number of
maximum parallel connections.

```hcl
storage "manta" {
  directory    = "vault-storage-directory"
  max_parallel = 512
}
```

[manta-object-store]: https://www.joyent.com/triton/object-storage