# Vault Agent configuration for the development environment.
# The AppRole role_id and secret_id originate in environment variables and are
# injected as the files that auto_auth reads.
# NOTE(review): values passed through environment variables are visible to
# anything that can inspect the process or container environment; keep this
# pattern to development.
pid_file = "/tmp/vault-agent.pid"
# Authenticate to Vault with AppRole and persist the resulting token to a file.
auto_auth {
  method "approle" {
    mount_path = "auth/approle"

    # NOTE(review): by default the agent deletes the secret_id file after
    # reading it (remove_secret_id_file_after_reading); confirm the injection
    # step re-creates the file when the agent restarts.
    config = {
      role_id_file_path   = "/vault/secrets/role_id"
      secret_id_file_path = "/vault/secrets/secret_id"
    }
  }

  # The token written here is a bearer credential for everything the role's
  # policies allow. NOTE(review): no file mode is set, so the sink's default
  # applies; confirm which users and containers can read /vault/token.
  sink "file" {
    config = {
      path = "/vault/token"
    }
  }
}
# Vault server the agent connects to.
# NOTE(review): the agent config is not itself a template, so this value looks
# like it stays a literal string unless another tool renders the file before
# the agent starts. The agent also honours the VAULT_ADDR environment variable
# directly; confirm which mechanism supplies the address, and that it is an
# https:// URL outside local development.
vault {
  address = "{{ env `VAULT_ADDR` }}"
}
# MongoDB root credentials: username, rendered from the template at `source`.
template {
  destination = "/vault/secrets/MONGO_ROOT_USER"
  source      = "/etc/vault/templates/mongo/user.ctmpl"
}
# MongoDB root credentials: password.
# NOTE(review): no `perms` is set, so the file is written with the agent's
# default mode; confirm who can read /vault/secrets and whether a tighter mode
# would still let the consuming process read it.
template {
  destination = "/vault/secrets/MONGO_ROOT_PASSWORD"
  source      = "/etc/vault/templates/mongo/pass.ctmpl"
}
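# MongoDB replica set keyFile (strict perms for MongoDB).
# `perms` makes the agent write the file as 0400 from the start, so the key
# does not sit on disk with the default mode while waiting for the post-render
# command. The chmod command is kept so the post-render behaviour is unchanged;
# it is redundant once `perms` is in effect.
template {
  source      = "/etc/vault/templates/mongo/keyfile.ctmpl"
  destination = "/vault/secrets/mongo.kf"
  perms       = "0400"
  command     = "sh -lc 'chmod 0400 /vault/secrets/mongo.kf'"
}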
# NATS credentials: username, rendered from the template at `source`.
template {
  destination = "/vault/secrets/NATS_USER"
  source      = "/etc/vault/templates/nats/user.ctmpl"
}
# NATS credentials: password.
# NOTE(review): no `perms` is set, so the file is written with the agent's
# default mode; confirm who can read /vault/secrets and whether a tighter mode
# would still let the consuming process read it.
template {
  destination = "/vault/secrets/NATS_PASSWORD"
  source      = "/etc/vault/templates/nats/pass.ctmpl"
}