sendico/infra/monitoring/vault-agent/agent.hcl

exit_after_auth = false
pid_file        = "/tmp/vault-agent.pid"

vault {
  address = "http://vault:8200"
}

auto_auth {
  method "approle" {
    mount_path = "auth/approle"
    config = {
      role_id_file_path   = "/etc/vault/role_id"
      secret_id_file_path = "/etc/vault/secret_id"
      remove_secret_id_file_after_reading = false
    }
  }
  sink "file" { config = { path = "/vault/secrets/.vault-token" } }
}

template {
  source      = "/etc/vault/templates/grafana.env.ctmpl"
  destination = "/vault/secrets/grafana.env"
  perms       = "0644"
  command     = "chown 472:472 /vault/secrets/grafana.env"
}

template {
  source      = "/etc/vault/templates/alertmanager.yml.ctmpl"
  destination = "/vault/alertmanager/alertmanager.yml"
  perms       = "0644"
}