fix: allow user defined tls variables to be set instead of hardcoded default values (#385)

khawarizmus · web-flow · commit db36693ead78 · 2025-12-01T15:32:52.000+01:00
* fix: pass transit tls cert and key instaid of hardcoded default

* fix: update vault_transt_tls_ca_cert_file to use user provided value and keeping sensible default
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -329,9 +329,9 @@ vault_transit_disable_renewal: false
 vault_transit_key_name: 'autounseal'
 vault_transit_mount_path: "transit/"
 # vault_transit_namespace: ''
-vault_transit_tls_ca_cert_file: "{{ vault_tls_ca_file }}"
-vault_transit_tls_client_cert_file: "autounseal_client_cert.pem"
-vault_transit_tls_client_key_file: "autounseal_client_key.pem"
+vault_transit_tls_ca_cert_file: "{{ vault_transit_tls_ca_cert_file | default(vault_tls_ca_file) }}"
+vault_transit_tls_client_cert_file: "{{ vault_transit_tls_client_cert | default('autounseal_client_cert.pem', true) }}"
+vault_transit_tls_client_key_file: "{{ vault_transit_tls_client_key | default('autounseal_client_key.pem', true) }}"
 # vault_transit_tls_server_name: ''
 vault_transit_tls_skip_verify: "{{ lookup('env', 'VAULT_SKIP_VERIFY') | default('', false) }}"
 
