hashivault_rekey - Hashicorp Vault rekey module¶

New in version 3.3.0.

Synopsis ¶

Module to (update) rekey Hashicorp Vault. Requires that a rekey be started with hashivault_rekey_init.

Parameter	Choices/Defaults	Comments
authtype	Default: token	{'authentication type to use': 'token, userpass, github, ldap'}
ca_cert	Default: to environment variable VAULT_CACERT	path to a PEM-encoded CA cert file to use to verify the Vault server TLS certificate
ca_path	Default: to environment variable VAULT_CAPATH	path to a directory of PEM-encoded CA cert files to verify the Vault server TLS certificate : if ca_cert is specified, its value will take precedence
client_cert	Default: to environment variable VAULT_CLIENT_CERT	path to a PEM-encoded client certificate for TLS authentication to the Vault server
client_key	Default: to environment variable VAULT_CLIENT_KEY	path to an unencrypted PEM-encoded private key matching the client certificate
key		vault key shard (aka unseal key).
nonce		rekey nonce.
password	Default: to environment variable VAULT_PASSWORD	password to login to vault.
token	Default: to environment variable VAULT_TOKEN	token for vault
url	Default: to environment variable VAULT_ADDR	url for vault
username	Default: to environment variable VAULT_USER	username to login to vault.
verify	Default: to environment variable VAULT_SKIP_VERIFY	if set, do not verify presented TLS certificate before communicating with Vault server : setting this variable is not recommended except during testing

---
- hosts: localhost
  tasks:
    - hashivault_rekey:
      key: '{{vault_key}}'
      nonce: '{{nonce}}'

Hint

If you notice any issues in this documentation you can edit this document to improve it.