23 lines
718 B
YAML
23 lines
718 B
YAML
---
|
|
# --- Vault API ---
|
|
vault_url: "http://nas.lan.toal.ca:8200"
|
|
vault_validate_certs: false
|
|
|
|
# --- Init ---
|
|
vault_init_key_shares: 5
|
|
vault_init_key_threshold: 3
|
|
|
|
# --- OIDC ---
|
|
vault_oidc_client_id: vault
|
|
vault_oidc_admin_group: vault-admins
|
|
vault_oidc_default_ttl: 1h
|
|
vault_oidc_max_ttl: 8h
|
|
|
|
# --- Unseal ---
|
|
# vault_unseal_keys: [] # list of 3+ unseal key strings (from 1Password)
|
|
|
|
# --- Secrets (required, set via vault or host_vars) ---
|
|
# vault_vault_root_token: # root token from 1Password (required for Play 2)
|
|
# vault_vault_oidc_client_secret: # OIDC client secret from Keycloak (required for Play 2)
|
|
# vault_oidc_issuer: # e.g. https://keycloak.apps.openshift.toal.ca/realms/toallab
|