ansible-infra/collections/ansible_collections/nullified/infrastructure/roles/vault/templates/config.hcl.j2

{%- if not hc_vault_server_config %}
ui = {% if hc_vault_enable_ui %}true{% else %}false{% endif +%}
disable_mlock = false

storage "file" {
  path = "{{ hc_vault_root_dir }}/data"
}

# HTTPS listener
listener "tcp" {
  address         = "0.0.0.0:8200"
  tls_cert_file   = "{{ hc_vault_root_dir }}/tls/tls.cert"
  tls_key_file    = "{{ hc_vault_root_dir }}/tls/tls.key"
  tls_min_version = "tls13"
}
{%- else %}
{{ hc_vault_server_config }}
{% endif %}