Skip to main content
Loading

Configuration Template

service: # at least one service is required
  tcp:
    endpoint: 0.0.0.0:3005 # mandatory
    tls: # optional
      cert-file : <path-to-cert-file>
      key-file : <path-to-key-file>
      ca-file : <path-to-ca-file> # optional - needed for mutual tls only
  uds:
    socket-path : <path-to-socket> # mandatory
  http:
    endpoint: 0.0.0.0:8080 # mandatory
    metrics: # optional
      prometheus: # optional
        labels: # optional
          <label-name-1>: <label-value-1>
          <label-name-2>: <label-value-2>
          <label-name-3>: <label-value-3>

secret-manager: # exactly one secret manager is required
  aws:
    region: <region> # mandatory
    access-key-id: <access-key-id> # optional
    secret-access-key: <secret-access-key> # optional
    assume-role: <role-arn> # optional
    convert-to-base64: <true/false> # optional (default is false)
    resources: # mandatory
      <resource-name-1>: <arn-1>
      <resource-name-2>: <arn-2>
      <resource-name-3>: <arn-3>
  gcp:
    credential-file: <path-to-credential-file> # optional
    impersonate: <service-account> # optional
    convert-to-base64: <true/false> # optional (default is false)
    resources: # mandatory
      <resource-name-1>: <resource-path-with-version-1>
      <resource-name-2>: <resource-path-with-version-2>
      <resource-name-3>: <resource-path-with-version-3>
  vault:
    endpoint: <vault-endpoint> # mandatory
    ca-file: <path-to-ca-file> # optional
    ca-path: <path-to-ca-directory> # optional
    namespace: <vault-namespace> # optional

    # token-file or username,password-file or tls-auth-mount,client-cert-file,client-key-file is required
    token-file: <path-to-token-file>
    username: <username>
    password-file: <path-to-password-file>
    tls-auth-mount: <mount>
    client-cert-file: <path-to-client-cert-file>
    client-key-file: <path-to-client-key-file>

    convert-to-base64: <true/false> # optional (default is false)
    resources: # mandatory
      <resource-name-1>:
        mount: <mount-1> # mandatory
        secret: <secret-1> # mandatory
        version: <version-1> # optional (default is 0)
      <resource-name-2>:
        mount: <mount-2> # mandatory
        secret: <secret-2> # mandatory
        version: <version-2> # optional (default is 0)
      <resource-name-3>:
        mount: <mount-3> # mandatory
        secret: <secret-3> # mandatory
        version: <version-3> # optional (default is 0)
  file:
    convert-to-base64: <true/false> # optional (default is false)
    resources: # mandatory
      <resource-name-1>: <path-to-json-file-1>
      <resource-name-2>: <path-to-json-file-2>
      <resource-name-3>: <path-to-json-file-3>

log: # optional
  file: <path-to-log-file> # optional (default is stdout)
  level: <level> # optional : supported values "error", "warn", "info", "debug", "trace" (default is "info")