{%- from "vault/map.jinja" import vault with context -%}
{#- Storage backend: the S3 stanza below is rendered only when vault.backend
    is set and vault.backend.type is "s3"; for any other value this section
    writes nothing. Only the bucket name is templated here -- no region or
    credential settings are written by this template.
    NOTE(review): presumably Vault picks up AWS credentials from the
    environment or an instance role -- confirm. Vault encrypts what it
    stores, but the bucket should still be private and writable only by
    Vault's own identity, since object deletion or overwrite affects
    availability and integrity. -#}
{%- if vault.backend and vault.backend.type == "s3" %}
backend "s3" {
bucket = "{{ vault.backend.bucket }}"
}
{% endif -%}
{# Listener stanza. The listener type and bind address come from
   vault.listen_protocol, vault.listen_address and vault.listen_port.
   Certificate paths: when vault.self_signed_cert.enabled is truthy, both
   paths point under /etc/vault and are named after
   vault.self_signed_cert.hostname; otherwise tls_cert_file and tls_key_file
   are each written only if the matching vault.* value is set, independently
   of one another. Nothing in this template checks that a certificate and a
   key are both present when TLS is left enabled. -#}
listener "{{ vault.listen_protocol }}" {
address = "{{ vault.listen_address }}:{{ vault.listen_port }}"
{# NOTE(review): tls_disable is filled straight from vault.strict_tls, so the
   polarity is the opposite of what the pillar name suggests: a truthy
   strict_tls renders tls_disable as true, which makes Vault serve this
   listener without TLS. Confirm the default in vault/map.jinja and what
   existing pillars set before relying on it. Also check the rendered
   literal: a YAML boolean comes out of Jinja as True/False, which may not be
   what Vault's config parser accepts -- verify. -#}
tls_disable = {{ vault.strict_tls }}
{% if vault.self_signed_cert.enabled %}
tls_cert_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}.pem"
{# NOTE(review): the -nopass suffix suggests this private key is stored
   without a passphrase -- confirm that whatever state writes it restricts
   ownership and mode to the Vault service account. -#}
tls_key_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}-nopass.key"
{% else %}
{%- if vault.tls_cert_file %}
tls_cert_file = "{{ vault.tls_cert_file }}"
{% endif -%}
{%- if vault.tls_key_file %}
tls_key_file = "{{ vault.tls_key_file }}"
{% endif -%}
{% endif %}
}
{# Lease TTLs, written at the top level of the config (outside any stanza)
   and rendered unconditionally as quoted strings from
   vault.default_lease_ttl and vault.max_lease_ttl.
   NOTE(review): the maximum TTL bounds how long a leaked token or lease
   stays usable -- review the pillar values with that in mind. -#}
default_lease_ttl="{{ vault.default_lease_ttl }}"
max_lease_ttl="{{ vault.max_lease_ttl }}"