formula-vault/vault/files/server.hcl.jinja

{% from "vault/map.jinja" import vault with context %}

{% if vault.s3_backend %}
backend "s3" {
  bucket = "{{ vault.s3_backend.bucket }}"
}
{% endif %}

listener "{{ vault.listen_protocol }}" {
  address = "{{ vault.listen_address }}:{{ vault.listen_port }}"
  tls_disable = {{ vault.strict_tls }} 
  {% if vault.self_signed_cert.enabled %}
  tls_cert_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}.pem"
  tls_key_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}-nopass.key"
  {% else %}
  {% if vault.tls_cert_file %}
  tls_cert_file = "{{ vault.tls_cert_file }}"
  {% endif %}
  {% if vault.tls_key_file %}
  tls_key_file = "{{ vault.tls_cert_file }}"
  {% endif %}
  {% endif %}
}

#todo parameterize
default_lease_ttl="{{ vault.default_lease_ttl }}"
max_lease_ttl="{{ vault.max_lease_ttl }}"
Added parameters 2017-04-11 10:55:31 -04:00			`{% from "vault/map.jinja" import vault with context %}`

			`{% if vault.s3_backend %}`
			`backend "s3" {`
			`bucket = "{{ vault.s3_backend.bucket }}"`
			`}`
			`{% endif %}`

			`listener "{{ vault.listen_protocol }}" {`
			`address = "{{ vault.listen_address }}:{{ vault.listen_port }}"`
			`tls_disable = {{ vault.strict_tls }}`
			`{% if vault.self_signed_cert.enabled %}`
			`tls_cert_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}.pem"`
			`tls_key_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}-nopass.key"`
			`{% else %}`
			`{% if vault.tls_cert_file %}`
			`tls_cert_file = "{{ vault.tls_cert_file }}"`
			`{% endif %}`
			`{% if vault.tls_key_file %}`
			`tls_key_file = "{{ vault.tls_cert_file }}"`
			`{% endif %}`
			`{% endif %}`
			`}`

			`#todo parameterize`
			`default_lease_ttl="{{ vault.default_lease_ttl }}"`
			`max_lease_ttl="{{ vault.max_lease_ttl }}"`