b59f8b8b4c
* adding CRT to main branch * cleanup * um i dont know how that got removed but heres the fix * add vault.service Co-authored-by: Kyle Penfound <kpenfound11@gmail.com>
48 lines
975 B
HCL
48 lines
975 B
HCL
# Full configuration options can be found at https://www.vaultproject.io/docs/configuration
|
|
|
|
ui = true
|
|
|
|
#mlock = true
|
|
#disable_mlock = true
|
|
|
|
storage "file" {
|
|
path = "/opt/vault/data"
|
|
}
|
|
|
|
#storage "consul" {
|
|
# address = "127.0.0.1:8500"
|
|
# path = "vault"
|
|
#}
|
|
|
|
# HTTP listener
|
|
#listener "tcp" {
|
|
# address = "127.0.0.1:8200"
|
|
# tls_disable = 1
|
|
#}
|
|
|
|
# HTTPS listener
|
|
listener "tcp" {
|
|
address = "0.0.0.0:8200"
|
|
tls_cert_file = "/opt/vault/tls/tls.crt"
|
|
tls_key_file = "/opt/vault/tls/tls.key"
|
|
}
|
|
|
|
# Enterprise license_path
|
|
# This will be required for enterprise as of v1.8
|
|
#license_path = "/etc/vault.d/vault.hclic"
|
|
|
|
# Example AWS KMS auto unseal
|
|
#seal "awskms" {
|
|
# region = "us-east-1"
|
|
# kms_key_id = "REPLACE-ME"
|
|
#}
|
|
|
|
# Example HSM auto unseal
|
|
#seal "pkcs11" {
|
|
# lib = "/usr/vault/lib/libCryptoki2_64.so"
|
|
# slot = "0"
|
|
# pin = "AAAA-BBBB-CCCC-DDDD"
|
|
# key_label = "vault-hsm-key"
|
|
# hmac_key_label = "vault-hsm-hmac-key"
|
|
#}
|