Hello, I'm Maneshwar. I'm building git-lrc, an AI code reviewer that runs on every commit. It is free, unlimited, and source-available on Github. Star Us to help devs discover the project. Do give it a try and share your feedback for improving the product.
Hi there! I’m building LiveAPI, a first-of-its-kind tool that helps you automatically index API endpoints across all your repositories. LiveAPI makes it easier to discover, understand, and interact with APIs in large infrastructures.

When you're setting up secrets management, HashiCorp Vault is often the go-to. But doing it manually on every machine? Meh. Here's how to automate Vault installation and initial config using Ansible.
Prerequisites
- Ubuntu 20.04+ machines (adjust if needed)
- Ansible installed on your control node
- SSH access to target nodes
- TLS certs ready (for production-grade setup)
- A Nomad cluster (if you're integrating Vault with it)
Step 1: Install Vault using Ansible
Create a role like vault and start with a task to install Vault:
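```yaml
# roles/vault/tasks/main.yml
- name: Add HashiCorp GPG key
  ansible.builtin.apt_key:
    url: https://apt.releases.hashicorp.com/gpg
    # Store the key in the keyring that signed-by below points at
    keyring: /usr/share/keyrings/hashicorp-archive-keyring.gpg
    state: present

- name: Add HashiCorp repo
  ansible.builtin.apt_repository:
    # apt expects Debian architecture names (amd64, arm64), not x86_64/aarch64
    repo: "deb [arch={{ {'x86_64': 'amd64', 'aarch64': 'arm64'}.get(ansible_architecture, ansible_architecture) }} signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com {{ ansible_lsb.codename }} main"
    filename: hashicorp
    state: present
    mode: "0644"

- name: Install Vault
  ansible.builtin.apt:
    name: vault
    state: present
    update_cache: yes
```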
Step 2: Vault Configuration (vault.hcl)
Use a template or copy the config as-is:
```yaml
# roles/vault/tasks/config.yml
- name: Copy Vault config
  copy:
    src: vault.hcl
    dest: /etc/vault.d/vault.hcl
    owner: root
    group: root
    mode: "0644"

- name: Ensure data directory exists
  file:
    path: /var/vault/data
    state: directory
    owner: vault
    group: vault
    mode: "0750"
```
Here’s the sample vault.hcl:
```hcl
listener "tcp" {
  address       = "127.0.0.1:8200"
  tls_cert_file = "/etc/vault.d/tls/tls.crt"
  tls_key_file  = "/etc/vault.d/tls/tls.key"
}

api_addr     = "https://127.0.0.1:8200"
cluster_addr = "https://127.0.0.1:8201"

storage "raft" {
  path    = "/var/vault/data"
  node_id = "vault-1"
}

cluster_name = "hexmos-vault"
ui           = true

telemetry {
  prometheus_retention_time = "30s"
  disable_hostname          = true
}
```
Step 3: Policies and Roles
Drop your Vault policy and role files into roles/vault/files/.
Policy
nomad-server-policy.hcl
```hcl
path "auth/token/create/nomad-cluster" {
  capabilities = ["update"]
}
...
path "hex/*" {
  capabilities = ["read", "list", "create", "update", "delete"]
}
```
Role
nomad-cluster-role.json
```json
{
  "allowed_policies": "nomad-job",
  "token_explicit_max_ttl": 0,
  "name": "nomad-cluster",
  "orphan": true,
  "token_period": 259200,
  "renewable": true
}
```
Upload both:
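```yaml
- name: Ensure policy and role directories exist (copy needs them)
  file:
    path: "/etc/vault.d/{{ item }}"
    state: directory
    mode: "0755"
  loop: [policies, roles]

- name: Upload Vault policies
  copy:
    src: nomad-server-policy.hcl
    dest: /etc/vault.d/policies/nomad-server-policy.hcl

- name: Upload Vault roles
  copy:
    src: nomad-cluster-role.json
    dest: /etc/vault.d/roles/nomad-cluster-role.json
```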
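Copying the files onto the node does not load them into Vault; they only take effect once written through the Vault API or CLI. The tasks below are an added example (not from the original post) that does this once Vault is initialized and unsealed. The policy name `nomad-server` and the variable `vault_admin_token` are assumptions, as is using the listener certificate as the CA file.

```yaml
# Added example, not part of the original role.
# Assumes Vault is initialized and unsealed, and that vault_admin_token
# (hypothetical variable, e.g. kept in Ansible Vault) holds a token that is
# allowed to write policies and token roles.
- name: Load the policy and token role into Vault
  environment:
    VAULT_ADDR: "https://127.0.0.1:8200"
    # Assumes this certificate verifies the listener on 127.0.0.1
    VAULT_CACERT: /etc/vault.d/tls/tls.crt
    VAULT_TOKEN: "{{ vault_admin_token }}"
  no_log: true  # keep the token out of task output and logs
  block:
    - name: Write the Nomad server policy (policy name is an assumption)
      ansible.builtin.command: >-
        vault policy write nomad-server
        /etc/vault.d/policies/nomad-server-policy.hcl
      changed_when: true

    - name: Create the nomad-cluster token role from the uploaded JSON
      ansible.builtin.command: >-
        vault write auth/token/roles/nomad-cluster
        @/etc/vault.d/roles/nomad-cluster-role.json
      changed_when: true

    - name: Read the role back and check it matches the file
      ansible.builtin.command: >-
        vault read -format=json auth/token/roles/nomad-cluster
      register: role_readback
      changed_when: false
      failed_when: >-
        role_readback.rc != 0
        or (role_readback.stdout | from_json).data.allowed_policies != ['nomad-job']
        or not (role_readback.stdout | from_json).data.orphan
```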
Step 4: Enable and Start Vault
```yaml
- name: Enable Vault service
  systemd:
    name: vault
    enabled: yes
    state: started
```
If you're bootstrapping for the first time, add a step to initialize Vault with vault operator init.
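One way to write that init step so it is safe to re-run and does not leak the unseal keys into Ansible output. This is an added example, not code from the original post; `vault_init_output_path` is a hypothetical variable, and the share counts and CA file are assumptions.

```yaml
# Added example, not part of the original role.
# Hypothetical variable: vault_init_output_path (a file on the control node).
- name: Initialize Vault only if it has never been initialized
  environment:
    VAULT_ADDR: "https://127.0.0.1:8200"
    # Assumes this certificate verifies the listener on 127.0.0.1
    VAULT_CACERT: /etc/vault.d/tls/tls.crt
  block:
    - name: Read Vault status
      ansible.builtin.command: vault status -format=json
      register: vault_status_raw
      changed_when: false
      # Exit code 2 means sealed (a fresh Vault is sealed); 1 is a real error
      failed_when: vault_status_raw.rc not in [0, 2]

    - name: Run vault operator init
      ansible.builtin.command: >-
        vault operator init -format=json
        -key-shares=5 -key-threshold=3
      register: vault_init_raw
      when: not (vault_status_raw.stdout | from_json).initialized
      no_log: true  # stdout holds the unseal keys and the initial root token

    - name: Save init output on the control node with owner-only access
      ansible.builtin.copy:
        content: "{{ vault_init_raw.stdout }}"
        dest: "{{ vault_init_output_path }}"
        mode: "0600"
      delegate_to: localhost
      become: false
      when: vault_init_raw is changed
      no_log: true
```

`vault operator init` also accepts `-pgp-keys` and `-root-token-pgp-key`, which encrypt each unseal key and the root token to an operator's PGP key so the saved file never contains them in plaintext.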
Bonus: Run It
Create your site.yml:
```yaml
- hosts: vault-servers
  become: yes
  roles:
    - vault
```
Run it:
```bash
ansible-playbook -i inventory.ini site.yml
```
What’s Next?
- Use Ansible to init and unseal Vault
- Enable secrets engines
- Configure dynamic secrets (e.g., PostgreSQL, AWS, etc.)
- Integrate with Nomad or Consul
Top comments (1)
This is extremely impressive, especially all the Ansible breakdowns. I've spent so much time fumbling with Vault installs by hand, so this kind of end-to-end automation is a lifesaver