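# Vault Agent Configuration - Migrations
# Uses nexus-migrate role: database/creds/nexus-migrate (15m TTL, DDL+DML)
# One-shot mode: render template once and exit

# NOTE(review): /tmp is usually writable by every local user, so another
# account can pre-create this path. Prefer a directory that only the agent's
# user can write to.
pid_file = "/tmp/vault-agent.pid"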
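# Connection to the Vault server.
vault {
  # NOTE(review): plain http:// sends the AppRole secret-id, the issued token
  # and the generated database credentials over the network unencrypted.
  # Once the listener serves TLS, use an https:// address and pin the issuing
  # CA with `ca_cert`; do not work around certificate errors with
  # `tls_skip_verify`.
  address = "http://vault.example.local:8200"
}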
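# Authenticate with AppRole and write the resulting token to a file sink.
auto_auth {
  method "approle" {
    config = {
      role_id_file_path   = "/vault/role-id"
      secret_id_file_path = "/vault/secret-id"

      # NOTE(review): with `false` the secret-id stays on disk after login, so
      # anything that can read /vault/secret-id later can authenticate as this
      # role. If the file has to persist (e.g. a read-only mount), keep it
      # readable by the agent's user only and issue the secret-id with a short
      # TTL and a low use count.
      remove_secret_id_file_after_reading = false
    }
  }

  sink "file" {
    config = {
      path = "/vault/token"

      # The file holds a live Vault token. 0640 (the file sink's documented
      # default) keeps it from other local users; the reader must be the
      # owner or a member of the file's group. 0644 made it world-readable.
      # NOTE(review): if nothing reads /vault/token, consider removing this
      # sink altogether.
      mode = 0640
    }
  }
}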
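# Template engine behaviour.
template_config {
  # Exit once template retries are exhausted instead of retrying forever,
  # so a failed render is visible to whatever launched the agent.
  exit_on_retry_failure = true
}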
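# Render the migration environment file from its template.
template {
  source      = "/vault/templates/env-migrate.ctmpl"
  destination = "/vault/secrets/.env"

  # The rendered file presumably carries the database credentials requested
  # by the template (template content not visible here - confirm). 0640 keeps
  # them from other local users; the migration process must run as the owner
  # or in the file's group. 0644 made the file world-readable.
  perms = 0640
}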
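# Exit after rendering (one-shot mode for migrations).
# `true` is what makes the agent exit after authenticating and rendering the
# templates. With `false` it stays resident, holding a token and re-rendering
# credentials after the migration has finished.
# NOTE(review): a supervisor must treat exit code 0 as completion, not as a
# crash to restart.
exit_after_auth = true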