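{{- /*
ConfigMap holding svault.toml, the vault configuration rendered from
.Values.vault.config and .Values.postgresql.auth.

Review notes for maintainers:
  - String values are interpolated verbatim between TOML double quotes. A value
    containing a double quote or a newline would change the structure of the
    rendered file, so values files must be treated as trusted, validated input.
  - Numeric and boolean values (seal, logging.ansi, telemetry, auth) are
    rendered bare. An unset value renders as an empty right-hand side, which is
    not valid TOML.
  - No credential is rendered into this ConfigMap: the PostgreSQL connection
    string keeps a literal DB_PASSWORD placeholder. Presumably the vault expands
    it from its environment at start-up (TODO confirm); that variable should be
    sourced from a Secret, never from this ConfigMap.
  - The storage sections for backends that are not selected are still rendered,
    pointing at localhost.
*/ -}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "secretumvault.fullname" . }}-config
  # Quoted so an all-digit or boolean-looking namespace stays a YAML string.
  namespace: {{ .Values.global.namespace | quote }}
  labels:
    {{- include "secretumvault.labels" . | nindent 4 }}
data:
  svault.toml: |
    [vault]
    crypto_backend = "{{ .Values.vault.config.cryptoBackend }}"

    [server]
    {{- /* Listens on every pod interface, and no TLS setting is rendered in
           this section. Confirm TLS is configured or terminated in front of
           port 8200, and limit which workloads can reach it (for example with
           a NetworkPolicy). */}}
    address = "0.0.0.0"
    port = 8200

    [storage]
    backend = "{{ .Values.vault.config.storageBackend }}"

    [storage.etcd]
    {{- /* http:// means the etcd client connection is unencrypted and
           unauthenticated at the transport layer unless something outside this
           chart (a service mesh, for instance) adds it. Verify before use. */}}
    {{- if eq .Values.vault.config.storageBackend "etcd" }}
    endpoints = ["http://{{ include "secretumvault.fullname" . }}-etcd-client:2379"]
    {{- else }}
    endpoints = ["http://localhost:2379"]
    {{- end }}

    [storage.surrealdb]
    {{- /* ws:// is the plaintext WebSocket scheme; the same transport caveat
           as for etcd applies. */}}
    {{- if eq .Values.vault.config.storageBackend "surrealdb" }}
    url = "ws://{{ include "secretumvault.fullname" . }}-surrealdb-client:8000"
    {{- else }}
    url = "ws://localhost:8000"
    {{- end }}

    [storage.postgresql]
    {{- /* The connection string sets no TLS parameter, so transport security
           is whatever the client library defaults to; confirm that default.
           The password stays a placeholder and is not part of the ConfigMap. */}}
    {{- if eq .Values.vault.config.storageBackend "postgresql" }}
    connection_string = "postgres://{{ .Values.postgresql.auth.username }}:${DB_PASSWORD}@{{ include "secretumvault.fullname" . }}-postgresql:5432/{{ .Values.postgresql.auth.database }}"
    {{- else }}
    connection_string = "postgres://vault:${DB_PASSWORD}@localhost:5432/secretumvault"
    {{- end }}

    [seal]
    seal_type = "{{ .Values.vault.config.sealType }}"

    [seal.shamir]
    {{- /* Both values are taken as given. Check in the values file that the
           threshold is greater than 1 and not larger than the share count. */}}
    threshold = {{ .Values.vault.config.seal.threshold }}
    shares = {{ .Values.vault.config.seal.shares }}

    {{- if .Values.vault.config.engines.kv }}
    [engines.kv]
    path = "secret/"
    versioned = true
    {{- end }}

    {{- if .Values.vault.config.engines.transit }}
    [engines.transit]
    path = "transit/"
    versioned = true
    {{- end }}

    {{- if .Values.vault.config.engines.pki }}
    [engines.pki]
    path = "pki/"
    versioned = false
    {{- end }}

    {{- if .Values.vault.config.engines.database }}
    [engines.database]
    path = "database/"
    versioned = false
    {{- end }}

    [logging]
    level = "{{ .Values.vault.config.logging.level }}"
    format = "{{ .Values.vault.config.logging.format }}"
    ansi = {{ .Values.vault.config.logging.ansi }}

    [telemetry]
    {{- /* A separate metrics port. Whether it requires authentication is not
           visible here; restrict network access to the scraper. */}}
    prometheus_port = {{ .Values.vault.config.telemetry.prometheusPort }}
    enable_trace = {{ .Values.vault.config.telemetry.enableTrace }}

    [auth]
    {{- /* The unit of default_ttl is not shown in this template; check the
           vault documentation before changing it. */}}
    default_ttl = {{ .Values.vault.config.auth.defaultTtl }}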