Rowan Smith 3ae8c7dcff
feat: support optional installation of vault enterprise binary (#582)
## Description

When using the SAML auth method with Vault and authenticating via CLI it
is required to use the enterprise version of the binary, as SAML support
is not built into the non-enterprise version of the CLI. This PR adds an
optional `enterprise` variable to support this.

@matifali can you let me know the appropriate tag command to run to
release this once approved, please?

## Type of Change

- [ ] New module
- [ ] New template
- [ ] Bug fix
- [x] Feature/enhancement
- [ ] Documentation
- [ ] Other

## Module Information

**Path:** `registry/coder/modules/vault-cli`  
**New version:** `v1.1.0`  
**Breaking change:** [ ] Yes [x] No


## Testing & Validation

- [ ] Tests pass (`bun test`)
- [ ] Code formatted (`bun fmt`)
- [x] Changes tested locally

## Related Issues

None
2025-12-08 07:56:03 -06:00


display_name: Vault CLI
description: Installs the Hashicorp Vault CLI and optionally configures token authentication
icon: ../../../../.icons/vault.svg
verified: true
tags: helper, integration, vault, cli

Vault CLI

Installs the Vault CLI and optionally configures token authentication. This module focuses on CLI installation and can be used standalone or as a base for other authentication methods.

module "vault_cli" {
  source     = "registry.coder.com/coder/vault-cli/coder"
  version    = "1.1.0"
  agent_id   = coder_agent.example.id
  vault_addr = "https://vault.example.com"
}

Prerequisites

The following tools are required in the workspace image:

  • HTTP client: curl, wget, or busybox (at least one)
  • Archive utility: unzip or busybox (at least one)
  • jq: Optional but recommended for reliable JSON parsing (falls back to sed if not available)

With Token Authentication

If you have a Vault token, you can provide it to automatically configure authentication:

module "vault_cli" {
  source      = "registry.coder.com/coder/vault-cli/coder"
  version     = "1.1.0"
  agent_id    = coder_agent.example.id
  vault_addr  = "https://vault.example.com"
  vault_token = var.vault_token # Optional
}

Examples

Basic Installation (CLI Only)

Install the Vault CLI without any authentication:

module "vault_cli" {
  source     = "registry.coder.com/coder/vault-cli/coder"
  version    = "1.1.0"
  agent_id   = coder_agent.example.id
  vault_addr = "https://vault.example.com"
}

With Specific Version

module "vault_cli" {
  source            = "registry.coder.com/coder/vault-cli/coder"
  version           = "1.1.0"
  agent_id          = coder_agent.example.id
  vault_addr        = "https://vault.example.com"
  vault_cli_version = "1.15.0"
}

Custom Installation Directory

module "vault_cli" {
  source      = "registry.coder.com/coder/vault-cli/coder"
  version     = "1.1.0"
  agent_id    = coder_agent.example.id
  vault_addr  = "https://vault.example.com"
  install_dir = "/home/coder/bin"
}

With Vault Enterprise Namespace

For Vault Enterprise users who need to specify a namespace:

module "vault_cli" {
  source          = "registry.coder.com/coder/vault-cli/coder"
  version         = "1.1.0"
  agent_id        = coder_agent.example.id
  vault_addr      = "https://vault.example.com"
  vault_token     = var.vault_token
  vault_namespace = "admin/my-namespace"
}

Vault Enterprise Binary

Install the Vault Enterprise binary. This is required if using SAML authentication to Vault:

module "vault_cli" {
  source     = "registry.coder.com/coder/vault-cli/coder"
  version    = "1.1.0"
  agent_id   = coder_agent.example.id
  vault_addr = "https://vault.example.com"
  enterprise = true
}
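
Because SAML login fails on a non-enterprise CLI, a workspace can check which build it received before attempting authentication. The following is an added example, not part of the module's own code: it classifies the output of `vault version`, assuming Enterprise builds carry a `+ent` suffix on the version token. The function names and sample lines are hypothetical.

```shell
#!/bin/sh
# Added example: classify a `vault version` line as Enterprise or Community.
# Assumption: Enterprise builds carry "+ent" build metadata on the version
# token (for example v1.15.0+ent or v1.15.0+ent.hsm).

# vault_edition LINE -> prints "enterprise", "community" or "unknown"
vault_edition() {
  # The second whitespace-separated field is the version token.
  ver=$(printf '%s\n' "$1" | awk '$1 == "Vault" { print $2 }')
  case "$ver" in
    v[0-9]*+ent | v[0-9]*+ent.*) echo enterprise ;;
    v[0-9]*) echo community ;;
    *) echo unknown ;; # missing binary, error text, unexpected format
  esac
}

# require_enterprise [LINE] -> exit status 0 only for an Enterprise build.
# With no argument it queries the vault binary found on PATH.
require_enterprise() {
  line=${1-$(vault version 2>/dev/null || true)}
  [ "$(vault_edition "$line")" = enterprise ]
}

# Constructed sample lines (not captured from a real workspace).
SAMPLE_COMMUNITY='Vault v1.15.0 (0000000000000000000000000000000000000000), built 2023-01-01T00:00:00Z'
SAMPLE_ENTERPRISE='Vault v1.15.0+ent (0000000000000000000000000000000000000000), built 2023-01-01T00:00:00Z'

# Demonstration on the constructed samples.
for l in "$SAMPLE_COMMUNITY" "$SAMPLE_ENTERPRISE"; do
  echo "$(vault_edition "$l"): $l"
done
```

Calling `require_enterprise` with no argument in a workspace startup script gives an early, explicit failure when `enterprise = true` was not set.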

For more advanced authentication methods, see:

  • vault-github - Authenticate with Vault using GitHub tokens
  • vault-jwt - Authenticate with Vault using OIDC/JWT

For simple token-based authentication, see: