# Kratos Runtime Environment
# Rendered by Vault Agent from secret/data/nexus/kratos
# DSN points to PgBouncer (localhost:6432) which proxies to PostgreSQL with dynamic Vault creds

# Static DSN to PgBouncer - auth_type=trust so no password needed
# search_path is set in PgBouncer's connect_query
DSN="postgres://kratos@127.0.0.1:6432/nexus?sslmode=disable"

{{ with secret "secret/data/nexus/kratos" -}}
SECRETS_COOKIE="{{ .Data.data.secrets_cookie }}"
SECRETS_CIPHER="{{ .Data.data.secrets_cipher }}"
SECRETS_DEFAULT="{{ .Data.data.secrets_default }}"
COURIER_SMTP_CONNECTION_URI="{{ .Data.data.smtp_connection_uri }}"
COURIER_SMTP_FROM_ADDRESS="{{ .Data.data.smtp_from_address }}"
COURIER_SMTP_FROM_NAME="{{ .Data.data.smtp_from_name }}"
{{- end }}