--- vault_image: "docker.io/hashicorp/vault:latest" vault_url: "http://localhost:8200" vault_restart_policy: always vault_service_stopped: False vault_config_volume: "vault-config" vault_data_volume: "vault-data" # @var vault_volumes:description: > Define required docker volumes. # @end # @var vault_volumes:example: > # vault_volumes: # - name: data # # target location inside the container # dest: /var/www/app/data # type: volume # @end vault_volumes: - name: "{{ vault_config_volume }}" dest: /vault/config - name: "{{ vault_data_volume }}" dest: /vault/file # @var vault_network:description: > # Name of the container network. If the name ends with `.network`, the network will be created with the specified configuration. # Otherwise, the network must already exist and the container will be attached to the network. # @end vault_network: "vault.network" vault_network_ipv6_enabled: False # @var vault_network_ipv6_subnet:value: $ "_unset_" # @var vault_network_ipv6_subnet:example: $ "fd00:0:0:2::/64" # @var vault_network_ipv6_gateway:value: $ "_unset_" # @var vault_network_ipv6_gateway:example: $ "fd00:0:0:2::1" # @var vault_network_ipv4_subnet:value: $ "_unset_" # @var vault_network_ipv4_gateway:value: $ "_unset_" # @var vault_exposed_ports:description: > # Ports you want to publish outside of Docker. Vault is running on `8200` inside of the container. # @end vault_exposed_ports: [] vault_cap_add: - ipc_lock vault_cap_drop: [] vault_podman_args: - --pids-limit=-1 - --userns=host - --health-cmd='["wget", "--spider", "--proxy", "off", "http://localhost:8200/{{ __vault_health_path }}"]' - --health-interval=5s - --health-timeout=5s - --health-retries=6 - --health-on-failure=kill vault_log_level: warn vault_default_lease_ttl: 24h vault_max_lease_ttl: 240h vault_ui: True vault_disable_clustering: True vault_unseal_keys: [] vault_auto_unseal: False