hcp-ansible/roles/vault/defaults/main.yml

---
# defaults file for hashicorp_vault
vault_version: latest
vault_start_service: true
vault_config_dir: "/etc/vault.d"
vault_data_dir: "/opt/vault"
vault_certs_dir: "{{ vault_config_dir }}/tls"
vault_logs_dir: "/var/log/vault"

vault_extra_files: false
vault_extra_files_list: []

vault_env_variables: {}

#######################
# extra configuration #
#######################

# You should prioritize adding configuration
# to the configuration entries below, this
# option should be used to add pieces of configuration not
# available through standard variables.

vault_extra_configuration: {}

###########
# general #
###########

vault_cluster_name: vault
vault_bind_addr: "0.0.0.0"
vault_cluster_addr: "{{ ansible_default_ipv4.address }}"
vault_enable_ui: true
vault_disable_mlock: false
vault_disable_cache: false

#########################
# storage configuration #
#########################

vault_storage_configuration:
  file:
    path: "{{ vault_data_dir }}"

#############################
# auto-unseal configuration #
#############################

vault_enable_auto_unseal: false
vault_unseal_url: "https://127.0.0.1:8200"
vault_unseal_tls_verify: true
vault_unseal_keys: []

##########################
# listener configuration #
##########################

vault_enable_tls: false
vault_listener_configuration:
  - tcp:
      address: "{{ vault_cluster_addr }}:8200"
      tls_disable: true

vault_tls_listener_configuration:
  - tcp:
      tls_disable: false
      tls_cert_file: "{{ vault_certs_dir }}/cert.pem"
      tls_key_file: "{{ vault_certs_dir }}/key.pem"
      tls_disable_client_certs: true

vault_certificates_extra_files_dir:
  []
  # - src: ""
  #   dest: "{{ vault_certs_dir }}"

vault_extra_listener_configuration: []

########################
# service registration #
########################

vault_enable_service_registration: false
vault_service_registration_configuration:
  consul:
    address: "127.0.0.1:8500"
    scheme: "http"
    token: ""

#########################
# plugins configuration #
#########################

vault_enable_plugins: false
vault_plugins_directory: "{{ vault_config_dir }}/plugins"

#################
# vault logging #
#################

vault_log_level: info
vault_enable_log_to_file: false
vault_log_to_file_configuration:
  log_file: "{{ vault_logs_dir }}/vault.log"
  log_rotate_duration: 24h
  log_rotate_max_files: 30
feat(roles): integrate vault role to hashistack collection 2024-07-19 21:31:41 +00:00			`---`
			`# defaults file for hashicorp_vault`
			`vault_version: latest`
			`vault_start_service: true`
			`vault_config_dir: "/etc/vault.d"`
			`vault_data_dir: "/opt/vault"`
			`vault_certs_dir: "{{ vault_config_dir }}/tls"`
			`vault_logs_dir: "/var/log/vault"`

			`vault_extra_files: false`
			`vault_extra_files_list: []`

			`vault_env_variables: {}`

			`#######################`
			`# extra configuration #`
			`#######################`

			`# You should prioritize adding configuration`
			`# to the configuration entries below, this`
			`# option should be used to add pieces of configuration not`
			`# available through standard variables.`

			`vault_extra_configuration: {}`

			`###########`
			`# general #`
			`###########`

			`vault_cluster_name: vault`
			`vault_bind_addr: "0.0.0.0"`
			`vault_cluster_addr: "{{ ansible_default_ipv4.address }}"`
			`vault_enable_ui: true`
			`vault_disable_mlock: false`
			`vault_disable_cache: false`

			`#########################`
			`# storage configuration #`
			`#########################`

			`vault_storage_configuration:`
			`file:`
			`path: "{{ vault_data_dir }}"`

feat(vault): enable rolling restart with no full seal 2024-09-02 20:24:58 +00:00			`#############################`
			`# auto-unseal configuration #`
			`#############################`

			`vault_enable_auto_unseal: false`
			`vault_unseal_url: "https://127.0.0.1:8200"`
			`vault_unseal_tls_verify: true`
			`vault_unseal_keys: []`

feat(roles): integrate vault role to hashistack collection 2024-07-19 21:31:41 +00:00			`##########################`
			`# listener configuration #`
			`##########################`

			`vault_enable_tls: false`
			`vault_listener_configuration:`
feat(vault): adjust default values for allowing multiple tcp and unix socket listeners 2024-07-21 21:32:50 +00:00			`- tcp:`
			`address: "{{ vault_cluster_addr }}:8200"`
			`tls_disable: true`
feat(roles): integrate vault role to hashistack collection 2024-07-19 21:31:41 +00:00
			`vault_tls_listener_configuration:`
feat(vault): adjust default values for allowing multiple tcp and unix socket listeners 2024-07-21 21:32:50 +00:00			`- tcp:`
			`tls_disable: false`
			`tls_cert_file: "{{ vault_certs_dir }}/cert.pem"`
			`tls_key_file: "{{ vault_certs_dir }}/key.pem"`
			`tls_disable_client_certs: true`
feat(roles): integrate vault role to hashistack collection 2024-07-19 21:31:41 +00:00
			`vault_certificates_extra_files_dir:`
			`[]`
			`# - src: ""`
			`# dest: "{{ vault_certs_dir }}"`

feat(vault): adjust default values for allowing multiple tcp and unix socket listeners 2024-07-21 21:32:50 +00:00			`vault_extra_listener_configuration: []`
feat(roles): integrate vault role to hashistack collection 2024-07-19 21:31:41 +00:00
			`########################`
			`# service registration #`
			`########################`

			`vault_enable_service_registration: false`
			`vault_service_registration_configuration:`
			`consul:`
			`address: "127.0.0.1:8500"`
			`scheme: "http"`
			`token: ""`

			`#########################`
			`# plugins configuration #`
			`#########################`

			`vault_enable_plugins: false`
			`vault_plugins_directory: "{{ vault_config_dir }}/plugins"`

			`#################`
			`# vault logging #`
			`#################`

			`vault_log_level: info`
			`vault_enable_log_to_file: false`
			`vault_log_to_file_configuration:`
			`log_file: "{{ vault_logs_dir }}/vault.log"`
			`log_rotate_duration: 24h`
			`log_rotate_max_files: 30`