fix: only set client_ca_file for tcp listener when defined
gardar authored and bbaassssiiee committed Feb 3, 2023
1 parent 6a18b80 commit a7a314c
Showing 3 changed files with 9 additions and 1 deletion.
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -965,6 +965,11 @@ available starting at Vault version 1.4.
- Override with `VAULT_TLS_CA_CRT` environment variable
- Default value: `ca.crt`

### `vault_tls_client_ca_file`

- Client CA certificate filename
- Default value: ``

### `vault_tls_cert_file`

- Server certificate
1 change: 1 addition & 0 deletions defaults/main.yml
Expand Up @@ -293,6 +293,7 @@ vault_protocol: "{% if vault_tls_disable %}http{% else %}https{% endif %}"
vault_tls_cert_file: "{{ lookup('env', 'VAULT_TLS_CERT_FILE') | default(('tls.crt' if (vault_install_hashi_repo) else 'server.crt'), true) }}"
vault_tls_key_file: "{{ lookup('env', 'VAULT_TLS_KEY_FILE') | default(('tls.key' if (vault_install_hashi_repo) else 'server.key'), true) }}"
vault_tls_ca_file: "{{ lookup('env', 'VAULT_TLS_CA_CRT') | default('ca.crt', true) }}"
vault_tls_client_ca_file: ""

vault_tls_min_version: "{{ lookup('env', 'VAULT_TLS_MIN_VERSION') | default('tls12', true) }}"
vault_tls_cipher_suites: ""
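Review bot: `vault_tls_client_ca_file` is the only TLS file setting in this block with no `lookup('env', …)` fallback, so unlike `vault_tls_cert_file`, `vault_tls_key_file` and `vault_tls_ca_file` on the lines above it cannot be supplied through the environment. For consistency with its neighbours, consider `vault_tls_client_ca_file: "{{ lookup('env', 'VAULT_TLS_CLIENT_CA_FILE') | default('', true) }}"` (the variable name is a constructed example following the existing pattern) and document the override in the README entry added in this commit. Because the default is the empty string, any template consumer must test for a non-empty value rather than for the variable being defined.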
4 changes: 3 additions & 1 deletion templates/vault_main_configuration.hcl.j2
Expand Up @@ -21,7 +21,9 @@ listener "tcp" {
{% endif -%}
{% endif -%}
{% if not (l.vault_tls_disable | bool) -%}
tls_client_ca_file="{{ l.vault_tls_certs_path }}/{{ l.vault_tls_ca_file }}"
{% if (l.vault_tls_client_ca_file is defined) -%}
tls_client_ca_file="{{ l.vault_tls_certs_path }}/{{ l.vault_tls_client_ca_file }}"
{% endif -%}
tls_cert_file = "{{ l.vault_tls_certs_path }}/{{ l.vault_tls_cert_file }}"
tls_key_file = "{{ l.vault_tls_private_path }}/{{ l.vault_tls_key_file }}"
tls_min_version = "{{ l.vault_tls_min_version }}"
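Review bot: The `is defined` test on the new guard line does not exclude the empty default, since the same commit sets `vault_tls_client_ca_file: ""` in defaults/main.yml; if `l` carries the role defaults (as the neighbouring `l.vault_tls_*` lookups suggest), the listener will render `tls_client_ca_file="<certs_path>/"`, a directory path where Vault expects a PEM file. Testing for content instead avoids that: `{% if (l.vault_tls_client_ca_file | default('', true)) | length > 0 -%}`. Note also that the removed line previously pointed client-certificate verification at `vault_tls_ca_file`, so deployments relying on that for mTLS now get no `tls_client_ca_file` at all unless they set the new variable; the README entry should state that behavior change explicitly. The enclosing `listener "tcp"` block begins outside this hunk.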
