1 cluster_name = "{{ vault_cluster_name }}"
2 max_lease_ttl = "{{ vault_max_lease_ttl }}"
3 default_lease_ttl = "{{ vault_default_lease_ttl }}"
5 disable_clustering = "{{ vault_cluster_disable | bool | lower }}"
6 cluster_addr = "{{ vault_cluster_addr }}"
7 api_addr = "{{ vault_api_addr }}"
9 {% for l in vault_tcp_listeners %}
11 address = "{{ l.vault_address }}:{{ l.vault_port }}"
12 cluster_address = "{{ l.vault_cluster_address }}"
13 {% if (l.vault_proxy_protocol_behavior is defined and l.vault_proxy_protocol_behavior) -%}
14 proxy_protocol_behavior = "{{ l.vault_proxy_protocol_behavior }}"
15 {% if (l.vault_proxy_protocol_authorized_addrs is defined) -%}
16 proxy_protocol_authorized_addrs = "{{ l.vault_proxy_protocol_authorized_addrs }}"
19 {% if not (l.vault_tls_disable | bool) -%}
20 tls_cert_file = "{{ l.vault_tls_config_path }}/{{ l.vault_tls_cert_file }}"
21 tls_key_file = "{{ l.vault_tls_config_path }}/{{ l.vault_tls_key_file }}"
22 tls_client_ca_file="{{ l.vault_tls_config_path }}/{{ l.vault_tls_ca_file }}"
23 tls_min_version = "{{ l.vault_tls_min_version }}"
24 {% if vault_tls_cipher_suites is defined and vault_tls_cipher_suites -%}
25 tls_cipher_suites = "{{ l.vault_tls_cipher_suites}}"
27 tls_prefer_server_cipher_suites = "{{ l.vault_tls_prefer_server_cipher_suites }}"
28 {% if (l.vault_tls_require_and_verify_client_cert | bool) -%}
29 tls_require_and_verify_client_cert = "{{ l.vault_tls_require_and_verify_client_cert | bool | lower}}"
31 {% if (l.vault_tls_disable_client_certs | bool) -%}
32 tls_disable_client_certs = "{{ l.vault_tls_disable_client_certs | bool | lower}}"
35 tls_disable = "{{ l.vault_tls_disable | bool | lower }}"
39 {% if (vault_listener_localhost_enable | bool) -%}
41 address = "127.0.0.1:{{ vault_port }}"
42 cluster_address = "127.0.0.1:8201"
48 Select which storage backend you want generated and placed
49 in the vault configuration file.
51 {%- if vault_backend == 'consul' -%}
52 {% include vault_backend_consul with context %}
53 {% elif vault_backend == 'etcd' -%}
54 {% include vault_backend_etcd with context %}
55 {% elif vault_backend == 'file' -%}
56 {% include vault_backend_file with context %}
57 {% elif vault_backend == 's3' -%}
58 {% include vault_backend_s3 with context %}
59 {% elif vault_backend == 'dynamodb' -%}
60 {% include vault_backend_dynamodb with context %}
61 {% elif vault_backend == 'mysql' -%}
62 {% include vault_backend_mysql with context %}
63 {% elif vault_backend == 'gcs' -%}
64 {% include vault_backend_gcs with context %}
65 {% elif vault_backend == 'raft' -%}
66 {% include vault_backend_raft with context %}
69 {% if vault_service_registration_consul_enable -%}
70 {% include vault_service_registration_consul_template with context %}
74 ui = {{ vault_ui | bool | lower }}
77 {% if vault_telemetry_enabled | bool -%}
79 {% if vault_statsite_address is defined -%}
80 statsite_address = "{{vault_statsite_address}}"
82 {% if vault_statsd_address is defined -%}
83 statsd_address = "{{vault_statsd_address}}"
85 {% if vault_prometheus_retention_time is defined -%}
86 prometheus_retention_time = "{{ vault_prometheus_retention_time }}"
88 {% if vault_telemetry_disable_hostname is defined -%}
89 disable_hostname = {{vault_telemetry_disable_hostname | bool | lower }}