ansible-roles/roles/vault/tasks/conf.yml

---

- name: Generate self-signed certificate
  import_tasks: ../includes/create_selfsigned_cert.yml
  vars:
    cert_path: "{{ vault_root_dir }}/tls/vault.crt"
    cert_key_path: "{{ vault_root_dir }}/tls/vault.key"
    cert_key_group: "{{ vault_user }}"
    cert_key_mode: 640
  tags: vault

- name: Deploy vault configuration
  template:
    src: vault.hcl.j2
    dest: "{{ vault_root_dir }}/etc/vault.hcl"
    owner: "{{ vault_user }}"
    group: "{{ vault_user }}"
    mode: 0400
  notify: restart vault
  tags: vault