42 lines
1.0 KiB
HCL
42 lines
1.0 KiB
HCL
# Vault Agent Configuration - PgBouncer
|
|
# Renders pgbouncer.ini with dynamic database credentials from Vault
|
|
# Sends SIGHUP to PgBouncer on credential refresh
|
|
|
|
pid_file = "/tmp/vault-agent.pid"
|
|
|
|
vault {
|
|
address = "http://vault.example.local:8200"
|
|
}
|
|
|
|
auto_auth {
|
|
method "approle" {
|
|
config = {
|
|
role_id_file_path = "/vault/role-id"
|
|
secret_id_file_path = "/vault/secret-id"
|
|
remove_secret_id_file_after_reading = false
|
|
}
|
|
}
|
|
|
|
sink "file" {
|
|
config = {
|
|
path = "/vault/token"
|
|
mode = 0644
|
|
}
|
|
}
|
|
}
|
|
|
|
template_config {
|
|
static_secret_render_interval = "5m"
|
|
exit_on_retry_failure = true
|
|
}
|
|
|
|
template {
|
|
source = "/vault/templates/pgbouncer.ini.ctmpl"
|
|
destination = "/etc/pgbouncer/pgbouncer.ini"
|
|
perms = 0644
|
|
|
|
exec {
|
|
command = ["sh", "-c", "PID=$(cat /var/run/pgbouncer/pgbouncer.pid 2>/dev/null); echo \"Sending SIGHUP to PgBouncer PID: $PID\"; kill -HUP $PID && echo 'SIGHUP sent successfully' || echo 'Failed to send SIGHUP (PgBouncer may not be running yet)'"]
|
|
}
|
|
}
|