feat: add audit log for openbao

- openbao requires audit-log configured in config file
2025-11-15 21:17:11 +11:00 · 2025-11-15 21:17:11 +11:00 · a5b9850e82
commit a5b9850e82
parent 9854403b02
2 changed files with 12 additions and 0 deletions
--- a/hieradata/roles/infra/storage/vault.yaml
+++ b/hieradata/roles/infra/storage/vault.yaml
@ -4,6 +4,7 @@ profiles::vault::server::members_lookup: true
 profiles::vault::server::data_dir: /data/vault
 profiles::vault::server::manage_storage_dir: true
 profiles::vault::server::tls_disable: false
+profiles::vault::server::audit_log: /data/vault/audit.log
 vault::package_name: openbao
 vault::package_ensure: latest

--- a/site/profiles/manifests/vault/server.pp
+++ b/site/profiles/manifests/vault/server.pp
@ -65,6 +65,17 @@ class profiles::vault::server (
      api_addr           => "${http_scheme}://${::facts['networking']['fqdn']}:${client_port}",
      extra_config       => {
        cluster_addr => "${http_scheme}://${::facts['networking']['fqdn']}:${cluster_port}",
+        audit        => [
+          {
+            file => {
+              'audit-file' => {
+                options => {
+                  file_path => $audit_log,
+                }
+              }
+            }
+          }
+        ],
      },
      listener           => [
        {