vault {
  address      = "{{ vault_address }}"
  auth {
    method "approle" {
      config = {
        role_id   = "{{ vault_approle_role_id }}"
        secret_id = "{{ vault_approle_secret_id }}"
      }
    }
  }
  renew_token = true
}

log_level = "{{ consul_template.log_level | default('INFO') }}"

template {
  source      = "{{ consul_template.config_dir }}/certificate.ctmpl"
  destination = "{{ certificate_paths.cert_dir }}/{{ certificate_paths.cert_file }}"
  command     = "{{ service_reload_commands[certificate_service | default('default')] }}"
  perms       = 0644
}

template {
  source      = "{{ consul_template.config_dir }}/private_key.ctmpl"
  destination = "{{ certificate_paths.private_dir }}/{{ certificate_paths.private_key_file }}"
  command     = "chmod 600 {{ certificate_paths.private_dir }}/{{ certificate_paths.private_key_file }}"
  perms       = 0600
}

template {
  source      = "{{ consul_template.config_dir }}/chain_pem.ctmpl"
  destination = "{{ certificate_paths.private_dir }}/{{ certificate_paths.chain_file }}"
  command     = "chmod 600 {{ certificate_paths.private_dir }}/{{ certificate_paths.chain_file }}"
  perms       = 0600
}