secretumvault/deploy/helm/templates/configmap.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "secretumvault.fullname" . }}-config
  namespace: {{ .Values.global.namespace }}
  labels:
    {{- include "secretumvault.labels" . | nindent 4 }}
data:
  svault.toml: |
    [vault]
    crypto_backend = "{{ .Values.vault.config.cryptoBackend }}"

    [server]
    address = "0.0.0.0"
    port = 8200

    [storage]
    backend = "{{ .Values.vault.config.storageBackend }}"

    [storage.etcd]
    {{- if eq .Values.vault.config.storageBackend "etcd" }}
    endpoints = ["http://{{ include "secretumvault.fullname" . }}-etcd-client:2379"]
    {{- else }}
    endpoints = ["http://localhost:2379"]
    {{- end }}

    [storage.surrealdb]
    {{- if eq .Values.vault.config.storageBackend "surrealdb" }}
    url = "ws://{{ include "secretumvault.fullname" . }}-surrealdb-client:8000"
    {{- else }}
    url = "ws://localhost:8000"
    {{- end }}

    [storage.postgresql]
    {{- if eq .Values.vault.config.storageBackend "postgresql" }}
    connection_string = "postgres://{{ .Values.postgresql.auth.username }}:${DB_PASSWORD}@{{ include "secretumvault.fullname" . }}-postgresql:5432/{{ .Values.postgresql.auth.database }}"
    {{- else }}
    connection_string = "postgres://vault:${DB_PASSWORD}@localhost:5432/secretumvault"
    {{- end }}

    [seal]
    seal_type = "{{ .Values.vault.config.sealType }}"

    [seal.shamir]
    threshold = {{ .Values.vault.config.seal.threshold }}
    shares = {{ .Values.vault.config.seal.shares }}

    {{- if .Values.vault.config.engines.kv }}
    [engines.kv]
    path = "secret/"
    versioned = true
    {{- end }}

    {{- if .Values.vault.config.engines.transit }}
    [engines.transit]
    path = "transit/"
    versioned = true
    {{- end }}

    {{- if .Values.vault.config.engines.pki }}
    [engines.pki]
    path = "pki/"
    versioned = false
    {{- end }}

    {{- if .Values.vault.config.engines.database }}
    [engines.database]
    path = "database/"
    versioned = false
    {{- end }}

    [logging]
    level = "{{ .Values.vault.config.logging.level }}"
    format = "{{ .Values.vault.config.logging.format }}"
    ansi = {{ .Values.vault.config.logging.ansi }}

    [telemetry]
    prometheus_port = {{ .Values.vault.config.telemetry.prometheusPort }}
    enable_trace = {{ .Values.vault.config.telemetry.enableTrace }}

    [auth]
    default_ttl = {{ .Values.vault.config.auth.defaultTtl }}
chore: source code, docs and tools 2025-12-22 21:34:01 +00:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: {{ include "secretumvault.fullname" . }}-config`
			`namespace: {{ .Values.global.namespace }}`
			`labels:`
			`{{- include "secretumvault.labels" . \| nindent 4 }}`
			`data:`
			`svault.toml: \|`
			`[vault]`
			`crypto_backend = "{{ .Values.vault.config.cryptoBackend }}"`

			`[server]`
			`address = "0.0.0.0"`
			`port = 8200`

			`[storage]`
			`backend = "{{ .Values.vault.config.storageBackend }}"`

			`[storage.etcd]`
			`{{- if eq .Values.vault.config.storageBackend "etcd" }}`
			`endpoints = ["http://{{ include "secretumvault.fullname" . }}-etcd-client:2379"]`
			`{{- else }}`
			`endpoints = ["http://localhost:2379"]`
			`{{- end }}`

			`[storage.surrealdb]`
			`{{- if eq .Values.vault.config.storageBackend "surrealdb" }}`
			`url = "ws://{{ include "secretumvault.fullname" . }}-surrealdb-client:8000"`
			`{{- else }}`
			`url = "ws://localhost:8000"`
			`{{- end }}`

			`[storage.postgresql]`
			`{{- if eq .Values.vault.config.storageBackend "postgresql" }}`
			`connection_string = "postgres://{{ .Values.postgresql.auth.username }}:${DB_PASSWORD}@{{ include "secretumvault.fullname" . }}-postgresql:5432/{{ .Values.postgresql.auth.database }}"`
			`{{- else }}`
			`connection_string = "postgres://vault:${DB_PASSWORD}@localhost:5432/secretumvault"`
			`{{- end }}`

			`[seal]`
			`seal_type = "{{ .Values.vault.config.sealType }}"`

			`[seal.shamir]`
			`threshold = {{ .Values.vault.config.seal.threshold }}`
			`shares = {{ .Values.vault.config.seal.shares }}`

			`{{- if .Values.vault.config.engines.kv }}`
			`[engines.kv]`
			`path = "secret/"`
			`versioned = true`
			`{{- end }}`

			`{{- if .Values.vault.config.engines.transit }}`
			`[engines.transit]`
			`path = "transit/"`
			`versioned = true`
			`{{- end }}`

			`{{- if .Values.vault.config.engines.pki }}`
			`[engines.pki]`
			`path = "pki/"`
			`versioned = false`
			`{{- end }}`

			`{{- if .Values.vault.config.engines.database }}`
			`[engines.database]`
			`path = "database/"`
			`versioned = false`
			`{{- end }}`

			`[logging]`
			`level = "{{ .Values.vault.config.logging.level }}"`
			`format = "{{ .Values.vault.config.logging.format }}"`
			`ansi = {{ .Values.vault.config.logging.ansi }}`

			`[telemetry]`
			`prometheus_port = {{ .Values.vault.config.telemetry.prometheusPort }}`
			`enable_trace = {{ .Values.vault.config.telemetry.enableTrace }}`

			`[auth]`
			`default_ttl = {{ .Values.vault.config.auth.defaultTtl }}`