Standalone Server with Audit Storage

The values.yaml below can be used to set up a single-server Vault cluster with auditing enabled.

# Helm values for one standalone Vault server with separate persistent
# volumes for Vault data and for audit logs.
server:
  standalone:
    enabled: true
    # Vault server configuration (HCL), embedded as a literal block scalar.
    # NOTE(review): tls_disable = true makes the listener on 8200 serve plain
    # HTTP, so tokens and secrets reach Vault unencrypted. Acceptable for a
    # lab; otherwise configure TLS on the listener or confirm that traffic is
    # protected end to end by other means.
    # "[::]" binds the API port (8200) and cluster port (8201) on all
    # addresses. The "file" storage backend keeps Vault data under
    # /vault/data.
    config: |
      listener "tcp" {
        tls_disable = true
        address = "[::]:8200"
        cluster_address = "[::]:8201"
      }

      storage "file" {
        path = "/vault/data"
      }

  # Create a Kubernetes Service in front of the server.
  service:
    enabled: true

  # Persistent volume for Vault's data (10Gi, ReadWriteOnce).
  # storageClass: null presumably falls back to the cluster's default
  # StorageClass - confirm against the chart version in use.
  dataStorage:
    enabled: true
    size: 10Gi
    storageClass: null
    accessMode: ReadWriteOnce

  # Separate persistent volume for audit logs (10Gi, ReadWriteOnce).
  # NOTE(review): this only provisions storage; no audit device is enabled
  # until `vault audit enable` is run. Presumably mounted at /vault/audit
  # (chart default) - confirm. Monitor free space: once an audit device is
  # enabled, Vault will not complete requests that it cannot log to at least
  # one enabled device.
  auditStorage:
    enabled: true
    size: 10Gi
    storageClass: null
    accessMode: ReadWriteOnce

After Vault has been deployed, initialized and unsealed, auditing can be enabled by running the following command against the Vault pod:

# Enables a file audit device that writes to /vault/audit/vault_audit.log
# inside the Vault pod; replace <POD NAME> with the pod's name.
# NOTE(review): /vault/audit is presumably where the audit storage volume is
# mounted - confirm, so the log lands on the persistent volume. Verify the
# result afterwards with `vault audit list`.
$ kubectl exec -ti <POD NAME> --  vault audit enable file file_path=/vault/audit/vault_audit.log