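# Appends the CredHub release to the deployment's release list.
# NOTE(review): the op-level `release` key sits beside path/type/value;
# presumably metadata for release-bump tooling - confirm.
- path: /releases/-
  release: credhub
  type: replace
  value:
    name: credhub
    # Integrity pin for the tarball fetched from `url`.
    # NOTE(review): SHA-1 is not collision-resistant, so this digest guards
    # against corruption more than against a deliberately crafted tarball;
    # pin a stronger digest if the publisher offers one.
    sha1: adc6af7b872d27c2fa920c479882a71d8a6048ce
    url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/credhub-2.1.2-ubuntu-xenial-250.17-20190307-184327-812674904-20190307184338.tgz
    version: 2.1.2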
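# Appends a `credhub` job to the `bosh` instance group and configures its
# authentication, authorization, storage, encryption and TLS.
- path: /instance_groups/name=bosh/jobs/-
  type: replace
  value:
    name: credhub
    properties:
      credhub:
        authentication:
          uaa:
            # CA used to validate the TLS certificate of the UAA endpoint.
            ca_certs:
              - ((uaa_ssl.ca))
            url: https://((internal_ip)):8443
            # Public half of the UAA JWT signing key, used to verify tokens.
            verification_key: ((uaa_jwt_signing_key.public_key))
        authorization:
          acls:
            # NOTE(review): ACL enforcement is switched off. Access control
            # then presumably rests on the UAA scopes alone, so any identity
            # holding credhub.read / credhub.write likely reaches every
            # stored credential - confirm this is intended.
            enabled: false
        data_storage:
          database: credhub
          # Loopback address: the database is reached on the same host.
          host: 127.0.0.1
          password: ((postgres_password))
          port: 5432
          # TLS to the database is not required. This is only defensible
          # while `host` stays on loopback; revisit if the database moves.
          require_tls: false
          type: postgres
          # NOTE(review): connects as `postgres`, presumably the database
          # superuser; a dedicated role limited to the credhub database
          # would narrow the impact of a CredHub compromise - confirm.
          username: postgres
        encryption:
          keys:
            # Single active key, served by the `internal` provider below.
            - active: true
              key_properties:
                # NOTE(review): whoever can read this generated variable can
                # presumably decrypt the stored credentials; protect the
                # vars store accordingly.
                encryption_password: ((credhub_encryption_password))
              provider_name: internal
          providers:
            - name: internal
              type: internal
        # Server certificate and key come from the `credhub_tls` variable.
        tls: ((credhub_tls))
    release: credhub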
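# Asks the postgres job to create a `credhub` database. The trailing `?`
# creates `additional_databases` when it is missing; `-` appends to it.
- path: /instance_groups/name=bosh/properties/postgres/additional_databases?/-
  type: replace
  value: credhub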
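# Points the director's config server at the CredHub API on port 8844 and
# has it authenticate through the UAA client `director_to_credhub`.
- path: /instance_groups/name=bosh/properties/director/config_server?
  type: replace
  value:
    # CA that issued the CredHub server certificate (see `credhub_tls`).
    ca_cert: ((credhub_tls.ca))
    enabled: true
    uaa:
      # CA used to validate the UAA endpoint on port 8443.
      ca_cert: ((uaa_ssl.ca))
      client_id: director_to_credhub
      # Must match the `secret` registered for this client in UAA; both
      # reference the same generated variable.
      client_secret: ((uaa_clients_director_to_credhub))
      url: https://((internal_ip)):8443
    url: https://((internal_ip)):8844/api/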
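# Registers the UAA client the director uses to call CredHub.
- path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/clients/director_to_credhub?
  type: replace
  value:
    # Token lifetime; UAA expresses validity in seconds (one hour here).
    access-token-validity: 3600
    # Service client with both read and write access to CredHub.
    authorities: credhub.read,credhub.write
    # Machine-to-machine grant: the client authenticates with its secret.
    authorized-grant-types: client_credentials
    override: true
    scope: ""
    secret: ((uaa_clients_director_to_credhub))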
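# Registers the UAA client used for interactive CredHub CLI logins.
- path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/clients/credhub_cli?
  type: replace
  value:
    # Short-lived access token (60 seconds), renewed via the refresh token.
    access-token-validity: 60
    authorities: ""
    # User logins only: the user's password is exchanged for tokens.
    authorized-grant-types: password,refresh_token
    override: true
    # Refresh token lifetime in seconds (30 minutes).
    refresh-token-validity: 1800
    # Scopes a logged-in user may obtain through this client.
    scope: credhub.read,credhub.write
    # NOTE(review): empty secret, i.e. a public client. Authentication then
    # rests entirely on the user's password, so its strength and the short
    # token lifetimes above are the effective controls.
    secret: ""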
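# Registers an administrative UAA client for CredHub.
# NOTE(review): it carries the same read/write authorities as
# `director_to_credhub`; with CredHub ACLs disabled elsewhere in this file
# it presumably reaches every credential - store its secret accordingly.
- path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/clients/credhub-admin?
  type: replace
  value:
    # Token lifetime; UAA expresses validity in seconds (one hour here).
    access-token-validity: 3600
    authorities: credhub.read,credhub.write
    authorized-grant-types: client_credentials
    override: true
    scope: ""
    secret: ((credhub_admin_client_secret))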
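# Sets the password of the UAA user `credhub_cli_user` from a generated
# variable; the `?` creates the user entry when it does not exist yet.
- path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/scim/users/name=credhub_cli_user?/password
  type: replace
  value: ((credhub_cli_user_password))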
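# Grants `credhub_cli_user` membership in both CredHub groups, matching the
# scopes the `credhub_cli` client is allowed to request.
# NOTE(review): a read-only operator account would need a separate user
# that is a member of credhub.read only.
- path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/scim/users/name=credhub_cli_user?/groups
  type: replace
  value:
    - credhub.read
    - credhub.write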
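# Turns on revocable JWTs in UAA, so an issued token can be invalidated
# before it expires (for example after a credential leak).
- path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/jwt/revocable?
  type: replace
  value: true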
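# Declares a generated password for the UAA user `credhub_cli_user`.
# NOTE(review): the generated value lands wherever the deployment keeps its
# variables; treat that store as a secret.
- path: /variables/-
  type: replace
  value:
    name: credhub_cli_user_password
    type: password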
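# Declares a dedicated CA for CredHub. It signs `credhub_tls`, and its
# certificate is what clients trust via `((credhub_tls.ca))`.
# NOTE(review): no key length or validity period is set here, so the
# generator's defaults apply - confirm they meet policy and plan rotation.
- path: /variables/-
  type: replace
  value:
    name: credhub_ca
    options:
      common_name: CredHub CA
      is_ca: true
    type: certificate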
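# Declares the CredHub server certificate, signed by `credhub_ca`.
- path: /variables/-
  type: replace
  value:
    name: credhub_tls
    options:
      # The certificate is valid for the internal IP only. Clients that
      # reach CredHub under any other name or address will fail hostname
      # verification rather than silently connect.
      alternative_names:
        - ((internal_ip))
      ca: credhub_ca
      common_name: ((internal_ip))
    type: certificate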
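# Declares the generated password behind CredHub's `internal` encryption
# provider.
# NOTE(review): this value presumably protects every stored credential;
# back it up and restrict access to it separately from the database.
- path: /variables/-
  type: replace
  value:
    name: credhub_encryption_password
    type: password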
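# Declares the generated secret shared by the UAA client
# `director_to_credhub` and the director's config_server settings.
- path: /variables/-
  type: replace
  value:
    name: uaa_clients_director_to_credhub
    type: password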
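# Declares the generated secret for the UAA client `credhub-admin`.
# NOTE(review): that client holds credhub.read and credhub.write, so this
# secret is high-value; limit who can read the variables store.
- path: /variables/-
  type: replace
  value:
    name: credhub_admin_client_secret
    type: password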