Update to 2023-07-08 16:00

roles/vault_agent/templates/vault-agent.hcl.j2

@@ -0,0 +1,58 @@
+vault {
+  address = "{{ vault_agent_vault_address }}"
+}
+
+auto_auth {
+{% if vault_agent_auth == 'approle' %}
+  method {
+    type = "approle"
+    config {
+      role_id_file_path   = "{{ vault_agent_root_dir }}/auth/role_id"
+      secret_id_file_path = "{{ vault_agent_root_dir }}/auth/secret_id"
+      remove_secret_id_file_after_reading = false
+    }
+  }
+{% elif vault_agent_auth == 'token' %}
+  method {
+    type = "token_file"
+    config {
+      token_file_path = "{{ vault_agent_root_dir }}/auth/token"
+    }
+  }
+{% endif %}
+
+  # Not used, but prevent service failing if there's not template yet
+  sink {
+    type = "file"
+    wrap_ttl = "1s"
+    config = {
+      path = "/run/vault_agent/vault.token"
+      mode = 600
+    }
+  }
+}
+
+{% for template in vault_agent_templates %}
+template {
+{% if template.source is defined %}
+  source = "{{ template.source }}"
+{% elif template.contents is defined %}
+  contents = "{{ template.contents }}"
+{% endif %}
+  destination = "{{ template.destination }}"
+{% for prop in ['left_delimiter', 'right_delimiter', 'perms'] %}
+{% if template[prop] is defined %}
+  {{ prop }} = "{{ template[prop] }}"
+{% endif %}
+{% endfor %}
+
+{% if template.exec is defined and template.exec.command is defined %}
+  exec {
+{% if template.exec.timeout is defined %}
+    timeout = "{{ template.exec.timeout }}"
+{% endif %}
+    command = "template.exec.command"
+  }
+{% endif %}
+}
+{% endfor %}