author: Marc A. Paradise <marc.paradise@gmail.com> 2021-08-26 13:06:09 -0400
committer: Marc A. Paradise <marc.paradise@gmail.com> 2021-08-27 16:09:23 -0400
commit: 377ba8443e42dcb002158bb489cb504dc67efc18 (patch)
tree: fac28222a7c001b34c87d1794f2c3d423fb5c157 /chef.gemspec
parent: fd68f7f1fb1e63f1cb40d7ef24346afd0884ed95 (diff)
Add support for secrets stored in HashiCorp Vault

Vault secrets are stored as key-value pairs, so the return value from a secret lookup is always a Hash.

Example:

```
file "/home/user/test1" do
  content secret(name: "secret/example", service: :hashi_vault, config: { vault_addr: "vault.example.com", role_name: "example-role" })[:answer]
end
```

As shown above, we are expecting a hash from Vault, and are populating the file content based on the value of `:answer` in that hash.

Limitations:

* This iteration only supports instance authentication via a Vault role connected to an IAM profile.
* This iteration does not support versioned secrets

Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>

Diffstat (limited to 'chef.gemspec')
-rw-r--r-- chef.gemspec 1
1 files changed, 1 insertions, 0 deletions
diff --git a/chef.gemspec b/chef.gemspec
index 0f278fff8f..936a9dfd91 100644
--- a/chef.gemspec
+++ b/chef.gemspec
@@ -56,6 +56,7 @@ Gem::Specification.new do |s|
s.add_dependency "proxifier", "~> 1.0"
s.add_dependency "aws-sdk-secretsmanager", "~> 1.46"
+ s.add_dependency "vault", "~> 0.16" # hashi vault official client gem
s.bindir = "bin"
s.executables = %w{ }
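
Review bot: the `~> 0.16` constraint on the added `vault` dependency line accepts every 0.x release from 0.16 up to, but not including, 1.0, which is a wide range for a pre-1.0 gem that handles secret material. Consider `~> 0.16.0` to limit updates to patch releases, or extend the trailing comment to say why the wider range is acceptable. The dependency is also added unconditionally, so every install of the gem resolves the Vault client even when the `:hashi_vault` service is never used; that matches the `aws-sdk-secretsmanager` line directly above, but it is worth stating in the commit message alongside the listed limitations.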