[Unit]
Description=Vault server
Requires=basic.target network.target
After=basic.target network.target

[Service]
User=vault
Group=vault
PrivateTmp=yes
ProtectSystem=full
ProtectHome=read-only
CapabilityBoundingSet=CAP_IPC_LOCK
Environment=GOMAXPROCS=2
ExecStart=/bin/vault server -config=/etc/vault/vault.hcl
KillSignal=SIGINT
TimeoutStopSec=30s
Restart=on-failure
StartLimitInterval=60s
StartLimitBurst=3

[Install]
WantedBy=multi-user.target