ansible-roles/roles/vault_agent/templates/vault-agent.hcl.j2

vault {
  address = "{{ vault_agent_vault_address }}"
}

auto_auth {
{% if vault_agent_auth == 'approle' %}
  method {
    type = "approle"
    config {
      role_id_file_path   = "{{ vault_agent_root_dir }}/auth/role_id"
      secret_id_file_path = "{{ vault_agent_root_dir }}/auth/secret_id"
      remove_secret_id_file_after_reading = false
    }
  }
{% elif vault_agent_auth == 'token' %}
  method {
    type = "token_file"
    config {
      token_file_path = "{{ vault_agent_root_dir }}/auth/token"
    }
  }
{% endif %}

  # Not used, but prevent service failing if there's not template yet
  sink {
    type = "file"
    wrap_ttl = "1s"
    config = {
      path = "/run/vault_agent/vault.token"
      mode = 0600
    }
  }
}

{% for template in vault_agent_templates %}
template {
{% if template.source is defined %}
  source = "{{ template.source }}"
{% elif template.contents is defined %}
  contents = "{{ template.contents }}"
{% endif %}
  destination = "{{ template.destination }}"
{% for prop in ['left_delimiter', 'right_delimiter', 'perms'] %}
{% if template[prop] is defined %}
  {{ prop }} = "{{ template[prop] }}"
{% endif %}
{% endfor %}

{% if template.exec is defined and template.exec.command is defined %}
  exec {
{% if template.exec.timeout is defined %}
    timeout = "{{ template.exec.timeout }}"
{% endif %}
    command = "template.exec.command"
  }
{% endif %}
}
{% endfor %}
Update to 2023-07-08 16:00 2023-07-08 16:00:11 +02:00			`vault {`
			`address = "{{ vault_agent_vault_address }}"`
			`}`

			`auto_auth {`
			`{% if vault_agent_auth == 'approle' %}`
			`method {`
			`type = "approle"`
			`config {`
			`role_id_file_path = "{{ vault_agent_root_dir }}/auth/role_id"`
			`secret_id_file_path = "{{ vault_agent_root_dir }}/auth/secret_id"`
			`remove_secret_id_file_after_reading = false`
			`}`
			`}`
			`{% elif vault_agent_auth == 'token' %}`
			`method {`
			`type = "token_file"`
			`config {`
			`token_file_path = "{{ vault_agent_root_dir }}/auth/token"`
			`}`
			`}`
			`{% endif %}`

			`# Not used, but prevent service failing if there's not template yet`
			`sink {`
			`type = "file"`
			`wrap_ttl = "1s"`
			`config = {`
			`path = "/run/vault_agent/vault.token"`
Update to 2023-07-19 18:00 2023-07-19 18:00:26 +02:00			`mode = 0600`
Update to 2023-07-08 16:00 2023-07-08 16:00:11 +02:00			`}`
			`}`
			`}`

			`{% for template in vault_agent_templates %}`
			`template {`
			`{% if template.source is defined %}`
			`source = "{{ template.source }}"`
			`{% elif template.contents is defined %}`
			`contents = "{{ template.contents }}"`
			`{% endif %}`
			`destination = "{{ template.destination }}"`
			`{% for prop in ['left_delimiter', 'right_delimiter', 'perms'] %}`
			`{% if template[prop] is defined %}`
			`{{ prop }} = "{{ template[prop] }}"`
			`{% endif %}`
			`{% endfor %}`

			`{% if template.exec is defined and template.exec.command is defined %}`
			`exec {`
			`{% if template.exec.timeout is defined %}`
			`timeout = "{{ template.exec.timeout }}"`
			`{% endif %}`
			`command = "template.exec.command"`
			`}`
			`{% endif %}`
			`}`
			`{% endfor %}`