secretumvault/deploy/k8s/02-configmap.yaml

---
# ConfigMap for SecretumVault configuration
apiVersion: v1
kind: ConfigMap
metadata:
  name: vault-config
  namespace: secretumvault
data:
  svault.toml: |
    [vault]
    crypto_backend = "openssl"

    [server]
    address = "0.0.0.0"
    port = 8200

    [storage]
    # Use etcd backend deployed in the cluster
    backend = "etcd"

    [storage.etcd]
    # Connect to etcd service via Kubernetes DNS
    endpoints = ["http://vault-etcd:2379"]

    [storage.surrealdb]
    url = "ws://vault-surrealdb:8000"

    [storage.postgresql]
    connection_string = "postgres://vault:${DB_PASSWORD}@vault-postgres:5432/secretumvault"

    [crypto]
    # Using OpenSSL backend (stable)

    [seal]
    seal_type = "shamir"

    [seal.shamir]
    threshold = 2
    shares = 3

    [engines.kv]
    path = "secret/"
    versioned = true

    [engines.transit]
    path = "transit/"
    versioned = true

    [engines.pki]
    path = "pki/"
    versioned = false

    [engines.database]
    path = "database/"
    versioned = false

    [logging]
    level = "info"
    format = "json"
    ansi = true

    [telemetry]
    prometheus_port = 9090
    enable_trace = false

    [auth]
    default_ttl = 24
chore: source code, docs and tools 2025-12-22 21:34:01 +00:00			`---`
			`# ConfigMap for SecretumVault configuration`
			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: vault-config`
			`namespace: secretumvault`
			`data:`
			`svault.toml: \|`
			`[vault]`
			`crypto_backend = "openssl"`

			`[server]`
			`address = "0.0.0.0"`
			`port = 8200`

			`[storage]`
			`# Use etcd backend deployed in the cluster`
			`backend = "etcd"`

			`[storage.etcd]`
			`# Connect to etcd service via Kubernetes DNS`
			`endpoints = ["http://vault-etcd:2379"]`

			`[storage.surrealdb]`
			`url = "ws://vault-surrealdb:8000"`

			`[storage.postgresql]`
			`connection_string = "postgres://vault:${DB_PASSWORD}@vault-postgres:5432/secretumvault"`

			`[crypto]`
			`# Using OpenSSL backend (stable)`

			`[seal]`
			`seal_type = "shamir"`

			`[seal.shamir]`
			`threshold = 2`
			`shares = 3`

			`[engines.kv]`
			`path = "secret/"`
			`versioned = true`

			`[engines.transit]`
			`path = "transit/"`
			`versioned = true`

			`[engines.pki]`
			`path = "pki/"`
			`versioned = false`

			`[engines.database]`
			`path = "database/"`
			`versioned = false`

			`[logging]`
			`level = "info"`
			`format = "json"`
			`ansi = true`

			`[telemetry]`
			`prometheus_port = 9090`
			`enable_trace = false`

			`[auth]`
			`default_ttl = 24`