2024-07-19 21:31:41 +00:00
|
|
|
---
|
2024-10-06 10:18:07 +00:00
|
|
|
# defaults file for vault
|
2024-07-19 21:31:41 +00:00
|
|
|
vault_version: latest
|
|
|
|
vault_start_service: true
|
|
|
|
vault_config_dir: "/etc/vault.d"
|
|
|
|
vault_data_dir: "/opt/vault"
|
|
|
|
vault_certs_dir: "{{ vault_config_dir }}/tls"
|
|
|
|
vault_logs_dir: "/var/log/vault"
|
|
|
|
|
|
|
|
vault_extra_files: false
|
|
|
|
vault_extra_files_list: []
|
|
|
|
|
|
|
|
vault_env_variables: {}
|
|
|
|
|
|
|
|
#######################
|
|
|
|
# extra configuration #
|
|
|
|
#######################
|
|
|
|
|
|
|
|
# You should prioritize adding configuration
|
|
|
|
# to the configuration entries below, this
|
|
|
|
# option should be used to add pieces of configuration not
|
|
|
|
# available through standard variables.
|
|
|
|
|
|
|
|
vault_extra_configuration: {}
|
|
|
|
|
|
|
|
###########
|
|
|
|
# general #
|
|
|
|
###########
|
|
|
|
|
|
|
|
vault_cluster_name: vault
|
|
|
|
vault_bind_addr: "0.0.0.0"
|
|
|
|
vault_cluster_addr: "{{ ansible_default_ipv4.address }}"
|
|
|
|
vault_enable_ui: true
|
|
|
|
vault_disable_mlock: false
|
|
|
|
vault_disable_cache: false
|
|
|
|
|
|
|
|
#########################
|
|
|
|
# storage configuration #
|
|
|
|
#########################
|
|
|
|
|
|
|
|
vault_storage_configuration:
|
|
|
|
file:
|
|
|
|
path: "{{ vault_data_dir }}"
|
|
|
|
|
2024-09-02 20:24:58 +00:00
|
|
|
#############################
|
|
|
|
# auto-unseal configuration #
|
|
|
|
#############################
|
|
|
|
|
|
|
|
vault_enable_auto_unseal: false
|
|
|
|
vault_unseal_url: "https://127.0.0.1:8200"
|
|
|
|
vault_unseal_tls_verify: true
|
|
|
|
vault_unseal_keys: []
|
|
|
|
|
2024-07-19 21:31:41 +00:00
|
|
|
##########################
|
|
|
|
# listener configuration #
|
|
|
|
##########################
|
|
|
|
|
|
|
|
vault_enable_tls: false
|
|
|
|
vault_listener_configuration:
|
2024-07-21 21:32:50 +00:00
|
|
|
- tcp:
|
|
|
|
address: "{{ vault_cluster_addr }}:8200"
|
|
|
|
tls_disable: true
|
2024-07-19 21:31:41 +00:00
|
|
|
|
|
|
|
vault_tls_listener_configuration:
|
2024-07-21 21:32:50 +00:00
|
|
|
- tcp:
|
|
|
|
tls_disable: false
|
|
|
|
tls_cert_file: "{{ vault_certs_dir }}/cert.pem"
|
|
|
|
tls_key_file: "{{ vault_certs_dir }}/key.pem"
|
|
|
|
tls_disable_client_certs: true
|
2024-07-19 21:31:41 +00:00
|
|
|
|
|
|
|
vault_certificates_extra_files_dir:
|
|
|
|
[]
|
|
|
|
# - src: ""
|
|
|
|
# dest: "{{ vault_certs_dir }}"
|
|
|
|
|
2024-07-21 21:32:50 +00:00
|
|
|
vault_extra_listener_configuration: []
|
2024-07-19 21:31:41 +00:00
|
|
|
|
|
|
|
########################
|
|
|
|
# service registration #
|
|
|
|
########################
|
|
|
|
|
|
|
|
vault_enable_service_registration: false
|
|
|
|
vault_service_registration_configuration:
|
|
|
|
consul:
|
|
|
|
address: "127.0.0.1:8500"
|
|
|
|
scheme: "http"
|
|
|
|
token: ""
|
|
|
|
|
|
|
|
#########################
|
|
|
|
# plugins configuration #
|
|
|
|
#########################
|
|
|
|
|
|
|
|
vault_enable_plugins: false
|
|
|
|
vault_plugins_directory: "{{ vault_config_dir }}/plugins"
|
|
|
|
|
2024-10-27 18:55:56 +00:00
|
|
|
###########
|
|
|
|
# logging #
|
|
|
|
###########
|
2024-07-19 21:31:41 +00:00
|
|
|
|
|
|
|
vault_log_level: info
|
|
|
|
vault_enable_log_to_file: false
|
|
|
|
vault_log_to_file_configuration:
|
|
|
|
log_file: "{{ vault_logs_dir }}/vault.log"
|
|
|
|
log_rotate_duration: 24h
|
|
|
|
log_rotate_max_files: 30
|