vault {
  address = "{{ consul_vault_agent.vault_address }}"
}

auto_auth {
{% if  consul_vault_agent.auth.approle is defined %}
  method {
    type = "approle"
    config {
      role_id_file_path   = "{{ consul_root_dir }}/vault/role_id"
      secret_id_file_path = "{{ consul_root_dir }}/vault/secret_id"
      remove_secret_id_file_after_reading = false
    }
  }
{% elif consul_vault_agent.auth.token is defined %}
  method {
    type = "token_file"
    config {
      token_file_path = "{{ consul_root_dir }}/vault/token"
    }
  }
{% endif %}

  sink {
    type = "file"
    wrap_ttl = "30s"
    config = {
      path = "/run/consul/vault_token"
      mode = 640
    }
  }
}

template {
  source = "{{ consul_root_dir }}/vault/templates/agent_bundle.pem.tpl"
  destination = "{{ consul_root_dir }}/tls/agent_bundle.pem"
  left_delimiter  = "[["
  right_delimiter = "]]"
  perms           = 0640
  exec {
    command = ["sh", "-c", "kill -USR1 $(cat /run/consul/consul_agent.pid)"]
  }
}