---
# defaults file for hashicorp_vault
hashi_vault_install: true
hashi_vault_auto_update: false
hashi_vault_start_service: true
hashi_vault_version: latest
hashi_vault_deploy_method: host  # deployment method, either host or docker
hashi_vault_env_variables: {}
hashi_vault_data_dir: "/opt/vault"
hashi_vault_extra_files: false
hashi_vault_extra_files_src: /tmp/extra_files
hashi_vault_extra_files_dst: /etc/vault.d/extra_files
#! vault configuration
hashi_vault_configuration:
  cluster_name: vault
  cluster_addr: "https://127.0.0.1:8201"
  api_addr: "https://127.0.0.1:8200"
  ui: true
  disable_mlock: false
  disable_cache: false
  listener:
    tcp:
      address: "127.0.0.1:8200"
      cluster_address: "127.0.0.1:8201"
      tls_disable: 0
      tls_disable_client_certs: false
      tls_cert_file: "{{ hashi_vault_data_dir }}/tls/tls.crt" # this use the autogenerated TLS certificates
      tls_key_file: "{{ hashi_vault_data_dir }}/tls/tls.key" # this use the autogenerated TLS certificates
  storage:
    file:
      path: "{{ hashi_vault_data_dir }}/data"
  # service_registration:
  #   consul:
  #     address: 127.0.0.1:8500
  #     scheme: https
  #     token: someUUIDforconsul
  telemetry:
    usage_gauge_period: 10m
    maximum_gauge_cardinality: 500
    disable_hostname: false
    enable_hostname_label: false
    lease_metrics_epsilon: 1h
    num_lease_metrics_buckets: 168
    add_lease_metrics_namespace_labels: false
    filter_default: true
    prefix_filter: []
    prometheus_retention_time: 24h