19855efacc
Some checks failed
Tests / Go Tests (push) Has been cancelled
Tests / Python Tests (push) Has been cancelled
Tests / Integration Tests (push) Has been cancelled
Tests / Go Lint (push) Has been cancelled
Tests / Python Lint (push) Has been cancelled
Tests / Security Scan (push) Has been cancelled
Tests / All Checks Passed (push) Has been cancelled
Security Scanning / Secret Scanning (push) Has been cancelled
Security Scanning / Dependency Vulnerability Scan (push) Has been cancelled
Security Scanning / Go Security Scan (push) Has been cancelled
Security Scanning / Python Security Scan (push) Has been cancelled
Security Scanning / Node.js Security Scan (push) Has been cancelled
Security Scanning / Docker Image Security (push) Has been cancelled
Security Scanning / Security Summary (push) Has been cancelled
CI/CD Pipeline / Go Tests (push) Has been cancelled
CI/CD Pipeline / Python Tests (push) Has been cancelled
CI/CD Pipeline / Website Tests (push) Has been cancelled
CI/CD Pipeline / Linting (push) Has been cancelled
CI/CD Pipeline / Security Scan (push) Has been cancelled
CI/CD Pipeline / Docker Build & Push (push) Has been cancelled
CI/CD Pipeline / Integration Tests (push) Has been cancelled
CI/CD Pipeline / Deploy to Staging (push) Has been cancelled
CI/CD Pipeline / Deploy to Production (push) Has been cancelled
CI/CD Pipeline / CI Summary (push) Has been cancelled
ci/woodpecker/manual/build-ci-image Pipeline was successful
ci/woodpecker/manual/main Pipeline failed
All services: admin-v2, studio-v2, website, ai-compliance-sdk, consent-service, klausur-service, voice-service, and infrastructure. Large PDFs and compiled binaries excluded via .gitignore.
45 lines
983 B
HCL
45 lines
983 B
HCL
# Vault Agent Configuration for BreakPilot SSL Certificates
|
|
# Automatically renews certificates and updates nginx
|
|
|
|
pid_file = "/tmp/vault-agent.pid"
|
|
|
|
vault {
|
|
address = "http://vault:8200"
|
|
retry {
|
|
num_retries = 5
|
|
}
|
|
}
|
|
|
|
auto_auth {
|
|
method "approle" {
|
|
mount_path = "auth/approle"
|
|
config = {
|
|
role_id_file_path = "/vault/agent/data/role-id"
|
|
secret_id_file_path = "/vault/agent/data/secret-id"
|
|
remove_secret_id_file_after_reading = false
|
|
}
|
|
}
|
|
|
|
sink "file" {
|
|
config = {
|
|
path = "/vault/agent/data/token"
|
|
mode = 0600
|
|
}
|
|
}
|
|
}
|
|
|
|
# Single template that generates all certificate components
|
|
# Uses a single pkiCert call to ensure cert/key match
|
|
template {
|
|
source = "/vault/agent/templates/all.tpl"
|
|
destination = "/vault/certs/combined.pem"
|
|
perms = 0600
|
|
command = "sh /vault/agent/split-certs.sh"
|
|
}
|
|
|
|
# Listener for debugging (optional)
|
|
listener "tcp" {
|
|
address = "127.0.0.1:8100"
|
|
tls_disable = true
|
|
}
|