ef1926b5e4
* Simplify Run(): the function that was being sent over a channel doesn't need to close over anything except latestToken, and we don't need to create a new one each iteration. Instead just pass the relevant items, namely the token and sink to work on. * Disallow the following config combinations: 1. auto_auth.method.wrap_ttl > 0 and multiple file sinks 2. auto_auth.method.wrap_ttl > 0 and single file sink with wrap_ttl > 0 3. auto_auth.method.wrap_ttl > 0 and cache.use_auto_auth_token = true * Expose errors that occur when APIProxy is forwarding request to Vault. * Fix merge issues.
53 lines
865 B
HCL
53 lines
865 B
HCL
pid_file = "./pidfile"
|
|
|
|
auto_auth {
|
|
method {
|
|
type = "aws"
|
|
config = {
|
|
role = "foobar"
|
|
}
|
|
}
|
|
|
|
sink {
|
|
type = "file"
|
|
config = {
|
|
path = "/tmp/file-foo"
|
|
}
|
|
aad = "foobar"
|
|
dh_type = "curve25519"
|
|
dh_path = "/tmp/file-foo-dhpath"
|
|
}
|
|
}
|
|
|
|
cache {
|
|
use_auto_auth_token = true
|
|
}
|
|
|
|
listener "unix" {
|
|
address = "/path/to/socket"
|
|
tls_disable = true
|
|
socket_mode = "configmode"
|
|
socket_user = "configuser"
|
|
socket_group = "configgroup"
|
|
}
|
|
|
|
listener "tcp" {
|
|
address = "127.0.0.1:8300"
|
|
tls_disable = true
|
|
}
|
|
|
|
listener "tcp" {
|
|
address = "127.0.0.1:8400"
|
|
tls_key_file = "/path/to/cakey.pem"
|
|
tls_cert_file = "/path/to/cacert.pem"
|
|
}
|
|
|
|
vault {
|
|
address = "http://127.0.0.1:1111"
|
|
ca_cert = "config_ca_cert"
|
|
ca_path = "config_ca_path"
|
|
tls_skip_verify = "true"
|
|
client_cert = "config_client_cert"
|
|
client_key = "config_client_key"
|
|
}
|