{%- from "vault/map.jinja" import vault with context -%}
{%- if vault.backend and vault.backend.type == "s3" %}
backend "s3" {
  bucket = "{{ vault.backend.bucket }}"
}
{% endif -%}

listener "{{ vault.listen_protocol }}" {
  address = "{{ vault.listen_address }}:{{ vault.listen_port }}"
  tls_disable = {{ vault.tls_disable }}
{% if vault.self_signed_cert.enabled %}
  tls_cert_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}.pem"
  tls_key_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}-nopass.key"
{% else %}
{%- if vault.tls_cert_file %}
  tls_cert_file = "{{ vault.tls_cert_file }}"
{% endif -%}
{%- if vault.tls_key_file %}
  tls_key_file = "{{ vault.tls_key_file }}"
{% endif -%}
{% endif %}
}

default_lease_ttl="{{ vault.default_lease_ttl }}"
max_lease_ttl="{{ vault.max_lease_ttl }}"