{%- from "vault/map.jinja" import vault with context -%}
{#- S3 storage stanza, rendered only when the pillar defines vault.backend with type "s3". `backend` is Vault's older keyword for the storage stanza. -#}
{%- if vault.backend and vault.backend.type == "s3" %}
backend "s3" {
  # Only the bucket name is templated; no region or credentials are rendered,
  # so the S3 client must obtain them from the host environment (for example
  # an instance role). Vault encrypts what it stores, but write or delete
  # access to the bucket still allows data loss or rollback.
  # NOTE(review): confirm the bucket is private and that only the Vault
  # host's identity can read and write it.
  bucket = "{{ vault.backend.bucket }}"
}
{% endif -%}
{#- Consul storage stanza, rendered only when the pillar defines vault.storage with type "consul". -#}
{%- if vault.storage and vault.storage.type == "consul" %}
storage "consul" {
  # address is the Consul endpoint Vault connects to; path is the KV prefix
  # under which Vault keeps its data. No scheme, ACL token or TLS options are
  # rendered in this stanza.
  # NOTE(review): unless address is a local agent, the connection to Consul is
  # presumably plain HTTP and unauthenticated. Confirm, and restrict the KV
  # prefix with a Consul ACL if it is shared.
  # NOTE(review): this block and the s3 `backend` block earlier in the template
  # are guarded independently, so both render if both pillar keys are set.
  address = "{{ vault.storage.address }}"
  path = "{{ vault.storage.path }}"
}
{% endif -%}
listener "{{ vault.listen_protocol }}" {
  # Bind address and port for the Vault API, taken from the pillar/map values.
  address = "{{ vault.listen_address }}:{{ vault.listen_port }}"
  # Security-critical: when this renders as true the listener serves the API,
  # including tokens and secrets, without TLS. The value is passed through
  # unchanged from vault.tls_disable, whose default is not visible here.
  # NOTE(review): confirm the default keeps TLS enabled. Also confirm how a
  # YAML boolean renders; Jinja prints Python booleans as True/False, which
  # HCL may reject.
  tls_disable = {{ vault.tls_disable }}
{% if vault.self_signed_cert.enabled %}
  # Self-signed certificate and key under /etc/vault, named after the
  # configured hostname. The "-nopass" suffix suggests the private key is
  # stored unencrypted. Verify it is owned by the Vault service user and is
  # not group or world readable. Clients need this certificate as a trust
  # anchor rather than turning verification off.
  tls_cert_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}.pem"
  tls_key_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}-nopass.key"
{% else %}
{%- if vault.tls_cert_file %}
  # Operator-supplied certificate path; omitted entirely when unset.
  tls_cert_file = "{{ vault.tls_cert_file }}"
{% endif -%}
{%- if vault.tls_key_file %}
  # Operator-supplied private key path. It is rendered independently of the
  # certificate, so a key without a certificate (or the reverse) is possible.
  # The same file-permission requirement applies as for the self-signed key.
  tls_key_file = "{{ vault.tls_key_file }}"
{% endif -%}
{% endif %}
}
# Server-wide lease lifetimes: default_lease_ttl is used when a mount or role
# sets none of its own, and max_lease_ttl caps renewals. Shorter values limit
# how long a leaked token or dynamic credential stays usable.
default_lease_ttl="{{ vault.default_lease_ttl }}"
max_lease_ttl="{{ vault.max_lease_ttl }}"