update docs

README.md

@@ -169,7 +169,7 @@ Default value: 1
 ### Configuration Examples
 
 
-* **example basic settings**
+#### **example basic settings**
 ```
 rundeck.storage.provider.1.type=vault-storage
 rundeck.storage.provider.1.path=keys
@@ -179,7 +179,7 @@ rundeck.storage.provider.1.config.address=$VAULT_URL
 rundeck.storage.provider.1.config.token=$VAULT_TOKEN
 ```
 
-* **existing vault storage**
+#### **existing vault storage**
 
 For existing vault storage, probably you will need to remove the default `keys` path added by default for rundeck.
 You can use these settings for an existing vault storage:
@@ -194,6 +194,44 @@ rundeck.storage.provider.1.config.token=$VAULT_TOKEN
 rundeck.storage.provider.1.config.storageBehaviour=vault
 ```
 
+#### **Using APPROLE authentication**
+
+You can use these settings for an existing vault storage:
+
+```
+rundeck.storage.provider.1.type=vault-storage
+rundeck.storage.provider.1.path=keys
+rundeck.storage.provider.1.config.prefix=app
+rundeck.storage.provider.1.config.secretBackend=secret
+rundeck.storage.provider.1.config.address=$VAULT_URL
+rundeck.storage.provider.1.config.engineVersion=2
+rundeck.storage.provider.1.config.storageBehaviour=vault
+
+#auth
+rundeck.storage.provider.1.config.authBackend=approle
+rundeck.storage.provider.1.config.approleAuthMount=approle
+rundeck.storage.provider.1.config.approleId=$VAULT_APPROLE_ID
+rundeck.storage.provider.1.config.approleSecretId=$VAULT_APPROLE_SECRET_ID
+
+#timeouts
+rundeck.storage.provider.1.config.maxRetries=500
+rundeck.storage.provider.1.config.retryIntervalMilliseconds=2
+rundeck.storage.provider.1.config.openTimeout=2500
+rundeck.storage.provider.1.config.readTimeout=2500
+```
+
+**Enabling APPROLE Vault using API**
+
+```
+curl --header "X-Vault-Token: $TOKEN" --request POST --data '{"type": "approle"}' http://localhost:8200/v1/sys/auth/approle
+curl --header "X-Vault-Token: $TOKEN" --request POST --data '{"policies": "rundeck", "token_ttl": "2m", "token_max_ttl": "2m"}' http://localhost:8200/v1/auth/approle/role/rundeck
+# get $VAULT_APPROLE_ID
+curl --header "X-Vault-Token: $TOKEN" http://localhost:8200/v1/auth/approle/role/rundeck/role-id | jq
+# get $VAULT_APPROLE_SECRET_ID
+curl --header "X-Vault-Token: $TOKEN" --request POST http://localhost:8200/v1/auth/approle/role/rundeck/secret-id | jq
+```
+
+
 ## Vault API versions
 
 Since version 1.3.1, this plugin can work with `kV Secrets Engine - Version 2`. 

docker/docker-compose.yaml

@@ -34,12 +34,12 @@ services:
     - RUNDECK_STORAGE_PROVIDER_1_TYPE=vault-storage
     - RUNDECK_STORAGE_PROVIDER_1_PATH=keys
     - RUNDECK_STORAGE_PROVIDER_1_REMOVEPATHPREFIX=true
-    - RUNDECK_STORAGE_PROVIDER_1_CONFIG_SECRETBACKEND=kv
-    - RUNDECK_STORAGE_PROVIDER_1_CONFIG_PREFIX=test
+    - RUNDECK_STORAGE_PROVIDER_1_CONFIG_SECRETBACKEND=secret
+    - RUNDECK_STORAGE_PROVIDER_1_CONFIG_PREFIX=app
     - RUNDECK_STORAGE_PROVIDER_1_CONFIG_ADDRESS=http://vault:8200
     - RUNDECK_STORAGE_PROVIDER_1_CONFIG_TOKEN=${VAULT_TOKEN}
     - RUNDECK_STORAGE_PROVIDER_1_CONFIG_BEHAVIOUR=vault
-    - RUNDECK_STORAGE_PROVIDER_1_CONFIG_ENGINEVERSION=1
+    - RUNDECK_STORAGE_PROVIDER_1_CONFIG_ENGINEVERSION=2
     - RUNDECK_STORAGE_PROVIDER_1_CONFIG_MAXRETRIES=500
     - RUNDECK_STORAGE_PROVIDER_1_CONFIG_RETRYINTERVAL=2
     - RUNDECK_STORAGE_PROVIDER_1_CONFIG_OPENTIMEOUT=2500