Vault, the Target API, and apply_prep
Welcome to the first ever Bolt developer update! This is a new experiment we’re trying to communicate more directly about what we’re actively working on and what we’re thinking about in the near term.
This week, we released Bolt 1.28.0. The feature I want to highlight is the new Vault plugin. This plugin allows you to query inventory information (such as passwords) from HashiCorp Vault.
As an example, this inventory snippet retrieves a private key from Vault and uses it to connect to host.example.com
.
targets:
- host.example.com
config:
ssh:
user: root
private-key:
key-data:
_plugin: vault
server_url: http://127.0.0.1:8200
auth:
method: userpass
user: bolt
pass: bolt
path: secrets/bolt
field: private-key
version: 2
Try out the plugin and let us know what you think.
Up next
Coming down the pipe, Alex posted a specification for some refinements to the Target/inventory API. Our aim with that is to standardize the operations you can use within a plan to dynamically create, modify, and regroup targets.
We’ve also started discussing extensions to the apply_prep()
function to make it possible to use custom agent install methods and alternate fact sources. Please check out the current state of that proposal and give feedback.
Speaking of feedback, please reach out in #bolt
on Slack or by email to let us know what you think of this newsletter format.