add vault option

2022-03-22 18:38:02 +01:00 · 2022-03-22 18:38:02 +01:00 · 1d6d26428e
commit 1d6d26428e
parent 58f257a126
2 changed files with 17 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -3,3 +3,9 @@ nomad_data_dir: /opt/nomad
 nomad_bind_addr: 0.0.0.0
 nomad_datacenter: dc1
 nomad_bootstrap_expect: 3
+nomad_vault_enabled: False
+nomad_vault_address: "https://active.vault.service.consul:8200"
+nomad_vault_token_ttl: "1h"
+nomad_vault_namespace: "secrets/nomad/"
+nomad_vault_role: "nomad-cluster"
+nomad_vault_token: ""
--- a/templates/config.hcl.j2
+++ b/templates/config.hcl.j2
@ -20,3 +20,14 @@ plugin "raw_exec" {
 consul {
  address = "127.0.0.1:8500"
 }
+
+{% if  nomad_vault_enabled %}
+vault {
+  enabled = true
+  address = {{ nomad_vault_address}}
+  create_from_role =  {{ nomad_vault_role }}
+  token = {{ nomad_vault_token }}
+  namespace = {{ nomad_vault_namespace}}
+  task_token_ttl = {{ nomad_vault_token_ttl }}
+}
+{% endif %}