This PR adds a new Storage Backend for Triton's Object Storage - Manta

```
make testacc TEST=./physical/manta
==> Checking that code complies with gofmt requirements...
==> Checking that build is using go version >= 1.9.1...
go generate
VAULT_ACC=1 go test -tags='vault' ./physical/manta -v -timeout 45m
=== RUN TestMantaBackend
--- PASS: TestMantaBackend (61.18s)
PASS
ok github.com/hashicorp/vault/physical/manta 61.210s
```

Manta behaves differently to how S3 works - it has no such concepts of Buckets - it is merely a filesystem style object store.

Therefore, we have chosen the approach of when writing a secret `foo` it will actually map (on disk) as `foo/.vault_value`.

The reason for this is because if we write the secret `foo/bar` and then try and Delete a key using the name `foo` then Manta will complain that the folder is not empty because `foo/bar` exists. Therefore, `foo/bar` is written as `foo/bar/.vault_value`.

The value of the key is *always* written to a directory tree of the name and put in a `.vault_value` file.
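The key layout described in the PR description above, as an added Go example that is not code from the PR. `fsStore` is a constructed in-memory stand-in for a filesystem-style store (it never talks to Manta), and `objectPath`, `remove` and `naiveDelete` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// valueFile is the object name that, per the PR description, holds every key's value.
const valueFile = ".vault_value"

var errNotEmpty = errors.New("directory not empty")

// fsStore is a constructed stand-in for a filesystem-style object store:
// object paths map to data, and any path prefix behaves like a directory.
type fsStore map[string][]byte

// objectPath maps a Vault key to the object that stores its value.
func objectPath(key string) string { return path.Join(key, valueFile) }

// remove deletes one path and refuses when other objects still live beneath it.
func (s fsStore) remove(p string) error {
	for k := range s {
		if strings.HasPrefix(k, p+"/") {
			return errNotEmpty
		}
	}
	delete(s, p)
	return nil
}

// Put and Delete use the mapped layout; naiveDelete treats the key itself as the object.
func (s fsStore) Put(key string, v []byte)     { s[objectPath(key)] = v }
func (s fsStore) Delete(key string) error      { return s.remove(objectPath(key)) }
func (s fsStore) naiveDelete(key string) error { return s.remove(key) }

func main() {
	s := fsStore{}
	s.Put("foo", []byte("v1"))     // stored at foo/.vault_value
	s.Put("foo/bar", []byte("v2")) // stored at foo/bar/.vault_value
	fmt.Println("mapped delete of foo:", s.Delete("foo"))
	fmt.Println("objects left:", len(s))

	naive := fsStore{"foo/bar": []byte("v2")} // key used directly as the object path
	fmt.Println("naive delete of foo:", naive.naiveDelete("foo"))
}
```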
layout | page_title | sidebar_current | description |
---|---|---|---|
docs | Manta - Storage Backends - Configuration | docs-configuration-storage-manta | The Manta storage backend is used to persist Vault's data in Triton's Manta Object Storage. The storage folder must already exist. |
Manta Storage Backend
The Manta storage backend is used to persist Vault's data in Triton's Manta Object Storage. The storage folder must already exist.
- No High Availability – the Manta storage backend does not support high availability.
- Community Supported – the Manta storage backend is supported by the community. While it has undergone review by HashiCorp employees, they may not be as knowledgeable about the technology. If you encounter problems with them, you may be referred to the original author.

```hcl
storage "manta" {
  directory = "manta-directory"
  user      = "myuser"
  key_id    = "40:9d:d3:f9:0b:86:62:48:f4:2e:a5:8e:43:00:2a:9b"
}
```

`manta` Parameters

- `directory` `(string: <required>)` – Specifies the name of the manta directory to use. This will be in the `/stor/` folder in the specific manta account.

The following settings are used for authenticating to Manta.

- `user` `(string: <required>)` – Specifies the Manta user account name. This can also be provided via the environment variable `MANTA_USER`.
- `key_id` `(string: <required>)` – The fingerprint of the public key of the SSH key pair to use for authentication with the Manta API. It is assumed that the SSH agent has the private key corresponding to this key ID loaded. This can also be provided via the environment variable `MANTA_KEY_ID`.
- `subuser` - The name of a subuser that has been granted access to the Manta account. This can also be provided via the environment variable `MANTA_SUBUSER`.
- `url` – Specifies the Manta URL. Defaults to `https://us-east.manta.joyent.com`. This can also be provided via the environment variable `MANTA_URL`.
- `max_parallel` `(string: "128")` – Specifies the maximum number of concurrent requests to Manta.

`manta` Examples

This example shows configuring the Manta storage backend with a custom number of maximum parallel connections.

```hcl
storage "manta" {
  directory    = "vault-storage-directory"
  max_parallel = 512
}
```