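{#- Vault server configuration (HCL) rendered from the `vault` context.
    Emits one listener stanza, exactly one storage stanza, and the lease TTLs. -#}
listener "{{ vault.config.listen_protocol }}" {
  address = "{{ vault.config.listen_address }}:{{ vault.config.listen_port }}"
  # Emitted verbatim, so the value must render as an HCL boolean.
  # When true the listener serves plaintext: client tokens and secret values
  # cross the network unencrypted. Keep it false unless the listener is
  # loopback-only or sits behind a trusted TLS-terminating proxy.
  tls_disable = {{ vault.config.tls_disable }}
{%- if vault.self_signed_cert.enabled %}
  # Self-signed pair under /etc/vault. Clients have to be given this
  # certificate explicitly to verify the server. The "-nopass" name suggests
  # an unencrypted private key (confirm); it should be readable only by the
  # account Vault runs as.
  tls_cert_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}.pem"
  tls_key_file = "/etc/vault/{{ vault.self_signed_cert.hostname }}-nopass.key"
{%- else %}
{%- if vault.config.tls_cert_file %}
  tls_cert_file = "{{ vault.config.tls_cert_file }}"
{%- endif %}
{%- if vault.config.tls_key_file %}
  tls_key_file = "{{ vault.config.tls_key_file }}"
{%- endif %}
{%- endif %}
}
{#- Storage selection is a single if/elif/else chain so that exactly one
    stanza is rendered. `backend` is the legacy alias of `storage`, and only
    one of the two takes effect when both are present, so an unconditional
    file fallback next to `backend "s3"` would displace the S3 backend without
    any error. Consul is tested first, which keeps the effective choice
    unchanged for contexts that configure both. #}
{%- if vault.config.storage and vault.config.storage.type == "consul" %}
# This stanza sets neither `scheme` nor `token`; confirm that the Consul
# address is local or otherwise protected and that ACLs are handled elsewhere.
storage "consul" {
  address = "{{ vault.config.storage.address }}"
  path = "{{ vault.config.storage.path }}"
}
{%- elif vault.config.backend and vault.config.backend.type == "s3" %}
# Only the bucket is templated. Region and credentials are not set here and
# presumably come from the process environment or an instance role (verify).
backend "s3" {
  bucket = "{{ vault.config.backend.bucket }}"
}
{%- else %}
# Fallback when no other storage is selected. The directory should be owned
# by, and restricted to, the account Vault runs as.
storage "file" {
  path = "{{ vault.config.data_dir }}"
}
{%- endif %}
# Lease lifetimes: max_lease_ttl caps how long a token or dynamic secret can
# be renewed, so shorter values limit the useful life of a leaked credential.
default_lease_ttl = "{{ vault.config.default_lease_ttl }}"
max_lease_ttl = "{{ vault.config.max_lease_ttl }}"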