This repository was archived by the owner on Nov 16, 2023. It is now read-only.
lines changed Original file line number Diff line number Diff line change @@ -19,10 +19,6 @@ Axiomatic uses environment variables to override the default configuration value
1919* AXIOMATIC_SSH_PRIV_KEY (** required** ) is the private ssh key used for cloning repositories. It must be base64 encoded.
2020* AXIOMATIC_SSH_PUB_KEY (** required** ) is the public ssh key used for cloning repositories.
2121* NOMAD_ADDR is the address of the Nomad server. Default = ` http://127.0.0.1:4646 `
22- * NOMAD_CACERT is the path to a PEM encoded CA cert file to use to verify the Nomad server SSL certificate.
23- * NOMAD_CAPATH is the path to a directory of PEM encoded CA cert files to verify the Nomad server SSL certificate.
24- * NOMAD_CLIENT_CERT Path to a PEM encoded client certificate for TLS authentication to the Nomad server.
25- * NOMAD_CLIENT_KEY Path to an unencrypted PEM encoded private key matching the client certificate.
2622* NOMAD_NAMESPACE is the target namespace for queries and actions. Default = ` default `
2723* NOMAD_REGION is region of the Nomad servers to forward commands.
2824* NOMAD_TOKEN is the SecretID of an ACL token to use to authenticate API requests.
Original file line number Diff line number Diff line change @@ -23,33 +23,15 @@ job "axiomatic" {
2323 AXIOMATIC_IP = " 0.0.0.0"
2424 AXIOMATIC_PORT = " 8181"
2525 GITHUB_SECRET = " you-deserve-what-you-get"
26- NOMAD_CACERT = " /local/certs/nomad-ca.pem"
27- NOMAD_CLIENT_CERT = " /local/certs/cli.pem"
28- NOMAD_CLIENT_KEY = " /local/certs/cli-key.pem"
2926 }
3027 template {
3128 data = << EOH
32- {{ with secret "pki_int/issue/ nomad-cluster" "ttl=24h " }}
33- {{ .Data.issuing_ca }}
29+ NOMAD_TOKEN= {{ with secret "secrets/team/empower-rangers/ nomad-bootstrap-token " }}
30+ {{ .Data.token }}
3431{{ end }}
3532EOH
36- destination = " /local/certs/nomad-ca.pem"
37- }
38- template {
39- data = << EOH
40- {{ with secret "pki_int/issue/nomad-cluster" "ttl=24h" }}
41- {{ .Data.certificate }}
42- {{ end }}
43- EOH
44- destination = " /local/certs/cli.pem"
45- }
46- template {
47- data = << EOH
48- {{ with secret "pki_int/issue/nomad-cluster" "ttl=24h" }}
49- {{ .Data.private_key }}
50- {{ end }}
51- EOH
52- destination = " /local/certs/cli-key.pem"
33+ destination = " local/secrets.env"
34+ env = true
5335 }
5436
5537 resources {
7759 type = " service"
7860
7961 vault = {
80- policies = [" tls-policy " ]
62+ policies = [" secrets-team-empower-rangers-read " ]
8163 }
8264}
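Review bot: The new template (new lines 29-34) writes the Nomad token to `local/secrets.env`, and a task's `local/` directory can be read through the allocation filesystem API while `secrets/` cannot, so `destination = "secrets/secrets.env"` is the safer target. The Vault path names this the bootstrap token; if it really is the management token, a service bound to 0.0.0.0:8181 now holds cluster-wide rights, and a token tied to an ACL policy that only allows job submission in the target namespace would limit what a compromise of this task exposes. The `with`, `.Data.token` and `end` actions are on separate lines, so the rendered file probably has `NOMAD_TOKEN=` alone on its line with the value below it, which `env = true` would read as an empty variable; a single line `NOMAD_TOKEN={{ with secret "secrets/team/empower-rangers/nomad-bootstrap-token" }}{{ .Data.token }}{{ end }}` avoids that. The commit also drops NOMAD_CACERT, NOMAD_CLIENT_CERT and NOMAD_CLIENT_KEY, and no NOMAD_ADDR is visible in the env block (which starts outside the shown lines), so confirm the token is not sent to the Nomad API over plain HTTP.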