{% from "vault/map.jinja" import vault with context %}

{% if vault.s3_backend %}
backend "s3" {
  bucket = "{{ vault.s3_backend.bucket }}"
}
{% endif %}

listener "{{ vault.listen_protocol }}" {
  address = "{{ vault.listen_address }}:{{ vault.listen_port }}"
  tls_disable = {{ vault.strict_tls }} 
  {% if vault.self_signed_cert.enabled %}
  tls_cert_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}.pem"
  tls_key_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}-nopass.key"
  {% else %}
  {% if vault.tls_cert_file %}
  tls_cert_file = "{{ vault.tls_cert_file }}"
  {% endif %}
  {% if vault.tls_key_file %}
  tls_key_file = "{{ vault.tls_cert_file }}"
  {% endif %}
  {% endif %}
}

#todo parameterize
default_lease_ttl="{{ vault.default_lease_ttl }}"
max_lease_ttl="{{ vault.max_lease_ttl }}"