Releases: ansible-community/ansible-vault

Monthly snapshot for 2022.07.01

01 Jul 04:42
fix(pkcs11): jinja whitespace

Monthly snapshot for 2022.06.01

01 Jun 04:58
Remove unused vault_group_name var

Although this variable has existed since the first ever commit, it's never
been used.

Monthly snapshot for 2022.05.01

01 May 04:21
vault api health check via the actual vault api address

Monthly snapshot for 2022.04.01

01 Apr 04:01
vault api health check via the actual vault api address

Monthly snapshot for 2022.03.01

01 Mar 03:53
vault api health check via the actual vault api address

Monthly snapshot for 2022.02.01

01 Feb 03:48
vault api health check via the actual vault api address

Monthly snapshot for 2022.01.01

01 Jan 03:49
vault api health check via the actual vault api address

Monthly snapshot for 2021.12.01

01 Dec 03:48
Add vault_harden_file_perms to set chmod 0550 on config/plugins path

The [Production
Hardening](https://learn.hashicorp.com/tutorials/vault/production-hardening)
has a bullet point "Allow minimal write privileges". It states: "its
executable binary or any Vault configuration files".

Prior to this change, the config and plugins path had chmod 0750, so
Vault could actually write config files and change plugins.

This commit adds a new parameter named vault_harden_file_perms (turned
off by default). When enabled, it changes the chmod of config and
plugins path to 0550 to effectively disallow Vault from writing into
these dirs.

Signed-off-by: Albin Kerouanton <albinker@gmail.com>

Monthly snapshot for 2021.11.01

01 Nov 03:48
[E602] Don't compare to empty string

Monthly snapshot for 2021.10.01

01 Oct 03:48
remote_install: only install OS packages if non-empty