# Vault Agent for DB stack. AppRole creds are files on the host.
# Location where the agent records its process id.
# NOTE(review): /tmp is typically world-writable; if this agent shares a host or
# container with other users, a root-owned runtime directory is a safer place
# for the pid file. Confirm against the deployment.
pid_file = "/tmp/vault-agent.pid"
# Auto-auth: log in through the AppRole mount and hand the resulting token to
# a file sink.
auto_auth {
  method "approle" {
    mount_path = "auth/approle"

    # Both AppRole identifiers are read from files rather than embedded here.
    # NOTE(review): unless remove_secret_id_file_after_reading is set to false,
    # Vault Agent deletes the secret_id file once it has been read; confirm the
    # restart path delivers a fresh secret_id.
    config = {
      role_id_file_path   = "/vault/role_id"
      secret_id_file_path = "/vault/secret_id"
    }
  }

  # NOTE(review): no mode is given, so the sink's default file mode applies.
  # The token is a bearer credential; confirm which users can read /vault.
  sink "file" {
    config = {
      path = "/vault/token"
    }
  }
}
# Vault server the agent connects to.
# NOTE(review): Vault Agent does not evaluate template expressions in its own
# configuration file, so unless a deploy step pre-renders this file the address
# is the literal placeholder text. The VAULT_ADDR environment variable overrides
# this setting, which may be why it works in practice. Confirm which applies,
# and confirm that the effective address is an https:// URL.
vault {
  address = "{{ env `VAULT_ADDR` }}"
}
# Mongo root credentials: one rendered file per value, named after the
# MONGO_INITDB_ROOT_* variable it carries.
# NOTE(review): neither template sets perms. When the destination does not yet
# exist, Vault Agent creates it 0644, i.e. readable by every local user.
# Confirm which uid consumes these files and set perms (and ownership) to match.
template {
  source      = "/etc/vault/templates/mongo/user.ctmpl"
  destination = "/vault/secrets/MONGO_INITDB_ROOT_USERNAME"
}

template {
  source      = "/etc/vault/templates/mongo/pass.ctmpl"
  destination = "/vault/secrets/MONGO_INITDB_ROOT_PASSWORD"
}
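# Replica set keyFile (strict perms).
# The key is shared by every replica set member, so it must never be readable
# by other local users, not even briefly.
template {
  source      = "/etc/vault/templates/mongo/keyfile.ctmpl"
  destination = "/vault/secrets/mongo.kf"

  # Render the file 0400 from the start. Without perms, a first render creates
  # the file 0644 and it stays world-readable until the command below has run.
  perms = "0400"

  # Ownership still has to be handed to uid/gid 999 after each render; the
  # chmod is kept so the final state does not depend on the perms setting.
  # NOTE(review): `sh -l` starts a login shell, which sources profile scripts
  # before running the command; confirm that is intended.
  command = "sh -lc 'chown 999:999 /vault/secrets/mongo.kf && chmod 0400 /vault/secrets/mongo.kf'"
}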
# PBM: backup user/pass, the S3 credentials env file, and the PBM config.
# NOTE(review): none of these templates sets perms. When the destination does
# not yet exist, Vault Agent creates it 0644, so the backup password and the S3
# credentials would be readable by every local user. Confirm which uid runs the
# backup tooling and set perms (and ownership) to match.
template {
  source      = "/etc/vault/templates/backup/user.ctmpl"
  destination = "/etc/backup/.u"
}

template {
  source      = "/etc/vault/templates/backup/pass.ctmpl"
  destination = "/etc/backup/.p"
}

template {
  source      = "/etc/vault/templates/pbm/env.ctmpl"
  destination = "/etc/backup/pbm.env"
}

template {
  source      = "/etc/vault/templates/pbm/config.ctmpl"
  destination = "/etc/backup/pbm-config.yaml"
}