# Vault Agent configuration, rendered by Ansible from the vault_agent_* variables:
# Vault address, auto-auth method, token sinks and template stanzas.
vault {
  address = "{{ vault_agent_vault_address }}"
}

auto_auth {
{# Only 'approle' and 'token' produce a method stanza; any other value of
   vault_agent_auth renders auto_auth with no method at all.
   NOTE(review): validate vault_agent_auth before this template is rendered. #}
{% if vault_agent_auth == 'approle' %}
  method {
    type = "approle"
    config {
      role_id_file_path = "{{ vault_agent_root_dir }}/auth/role_id"
      secret_id_file_path = "{{ vault_agent_root_dir }}/auth/secret_id"
      # The secret_id file is left on disk after the agent reads it, so the
      # credential stays readable by anything with access to the auth directory.
      # NOTE(review): this template does not set ownership or mode on that
      # directory; confirm the role restricts it to the agent user.
      remove_secret_id_file_after_reading = false
    }
  }
{% elif vault_agent_auth == 'token' %}
  method {
    type = "token_file"
    config {
      # A Vault token read from disk; same file-permission concern as above.
      token_file_path = "{{ vault_agent_root_dir }}/auth/token"
    }
  }
{% endif %}

  # Not consumed by anything, but keeps the service from failing while no
  # template is configured yet. The file still holds the agent's Vault token,
  # hence the owner-only mode.
  sink {
    type = "file"
    config = {
      path = "/run/vault_agent/vault.token"
      mode = 0600
    }
  }

{# Caller-defined sinks. wrap_ttl and mode are optional per sink. When mode is
   omitted, Vault's own file-sink default applies (0640 per the Vault
   documentation; confirm for the version in use), which is looser than the
   0600 used for the built-in sink above. #}
{% for sink in vault_agent_sinks %}
  sink {
    type = "file"
{% if sink.wrap_ttl is defined %}
    wrap_ttl = "{{ sink.wrap_ttl }}"
{% endif %}
    config {
      path = "{{ sink.path }}"
{% if sink.mode is defined %}
      mode = {{ sink.mode }}
{% endif %}
    }
  }
{% endfor %}
}

{# One template stanza per entry of vault_agent_templates.
   Source precedence: template.source, then template.contents, then
   template.data, which points at a file under templates/ansible named after
   the destination with every '/' replaced by '_' (presumably written by
   another task; not visible here).
   Values are placed inside double-quoted HCL strings without escaping, so
   contents, destination and exec.command must already be escaped by the
   caller; an unescaped double quote yields a malformed config.
   exec.command is run by the agent after rendering, so whoever can set
   vault_agent_templates decides what the agent executes; treat that variable
   as trusted input only. #}
{% for template in vault_agent_templates %}
template {
{% if template.source is defined %}
  source = "{{ template.source }}"
{% elif template.contents is defined %}
  contents = "{{ template.contents }}"
{% elif template.data is defined %}
  source = "{{ vault_agent_root_dir }}/templates/ansible/{{ template.destination | regex_replace('/', '_') }}"
{% endif %}
  destination = "{{ template.destination }}"
{# Optional pass-through properties. When perms is omitted the agent's default
   applies: per the Vault Agent documentation it reuses the mode of an existing
   destination file, otherwise 0644, so rendered secrets should set perms
   explicitly. NOTE(review): confirm for the Vault version in use. #}
{% for prop in ['left_delimiter', 'right_delimiter', 'perms'] %}
{% if template[prop] is defined %}
  {{ prop }} = "{{ template[prop] }}"
{% endif %}
{% endfor %}
{% if template.exec is defined and template.exec.command is defined %}
  exec {
{% if template.exec.timeout is defined %}
    timeout = "{{ template.exec.timeout }}"
{% endif %}
    command = "{{ template.exec.command }}"
  }
{% endif %}
}
{% endfor %}