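# Configurations for the vault
#
# NOTE(review): the key nesting in this section is reconstructed from the
# comments. In particular `snapshotServer` is placed under `create` because the
# comments tie it to the custom image — confirm against the chart templates.
vault:
  # If a password "vault" should be used
  # That is, if a dedicated software for secret management should be used
  # This should virtually always be true as it's the most secure option
  enabled: true

  # The type of password "vault" (or storage if `enabled` is `false`) to use.
  #
  # Vaults
  # ------
  # The following table lists the supported "vault" types:
  #
  # | Type        | Description          | Current Status | Required Fields                                     |
  # | ----------- | -------------------- | -------------- | --------------------------------------------------- |
  # | `hashicorp` | Uses Hashicorp Vault | Implemented    | `vaultName` (if `create.enabled` not true)          |
  # | `azure`     | Uses Azure Key Vault | Implemented    | `vaultName`, `clientId`, `clientSecret`, `tenantId` |
  #
  # Storage
  # -------
  # The following table lists the supported storage types.
  # These are methods OUTSIDE of a dedicated "vault" software.
  # These are generally **discouraged** as they are less secure.
  #
  # | Type        | Description                     | Current Status | Required Fields  |
  # | ----------- | ------------------------------- | -------------- | ---------------- |
  # | `file`      | Uses a file                     | To-Do          | `path`           |
  # | `mem`       | Uses in-memory (no persistence) | To-Do          | N/A              |
  #
  type: 'hashicorp'

  # The name of the vault instance to connect to
  #
  # This is relevant if type is set to `hashicorp` or `azure`
  # Note, if `create.enabled` is true this is ignored
  #
  # For `hashicorp`, this is generally the hostname of the Hashicorp Vault instance to connect to
  # For `azure`, this is the name of the Azure Key Vault instance to connect to
  #vaultName: ''

  # The port of the vault instance to connect to
  #
  # ONLY RELEVANT IF `type` IS SET TO `hashicorp` AND `create.enabled` IS NOT TRUE
  #vaultPort: 8200

  # NOTE(review): the table above names the Azure fields `clientId`,
  # `clientSecret` and `tenantId`, while the commented keys below are kebab-case
  # (`client-id`, ...). Confirm which spelling the templates actually read; a
  # mismatched key would most likely be ignored rather than rejected.

  # The client ID of the Azure Key Vault instance
  #
  # ONLY RELEVANT IF `type` IS SET TO `azure`
  #client-id: ""

  # The client secret of the Azure Key Vault instance
  #
  # ONLY RELEVANT IF `type` IS SET TO `azure`
  #
  # NOTE(review): this is a credential. Keep the committed value empty and
  # supply the real one at install time or from an existing Kubernetes Secret;
  # how the chart consumes this value is not visible in this section.
  #client-secret: ""

  # The tenant ID of the Azure Key Vault instance
  #
  # ONLY RELEVANT IF `type` IS SET TO `azure`
  #tenant-id: ""

  # Configurations to create a Hashicorp Vault instance as part of the Helm chart
  #
  # THIS IS ONLY RELEVANT IF `type` IS SET TO `hashicorp`
  create:
    # If a Hashicorp Vault instance should be created as part of the Helm chart
    enabled: true

    # Configurations for the image to use if creating the Hashicorp Vault instance
    # as part of the Helm chart
    image:
      # The repository of the image to use
      #
      # NOTE(review): the value starts with `/`, so the registry host appears to
      # be missing or supplied elsewhere — confirm before deploying.
      repository: /ba-custom-hashicorp-vault

      # The tag of the image to use
      #
      # NOTE(review): `latest` is a mutable tag. For the component that holds
      # the secrets, pin a fixed version tag or an image digest so deployments
      # are reproducible and a changed image is never pulled silently.
      tag: latest

    # Configurations for the ingress of the created Hashicorp Vault instance
    ingress:
      # If an ingress should be created for the created Hashicorp Vault instance
      #
      # NOTE(review): enabling this makes the Vault API reachable through the
      # ingress controller. TLS settings are not visible in this section —
      # confirm the ingress terminates TLS and is limited to intended clients.
      enabled: true

      # The host of the ingress for the created Hashicorp Vault instance
      #
      # NOTE(review): `vault.` looks incomplete (no domain after the dot) —
      # set the full hostname.
      host: vault.

    # As part of the custom Hashicorp Vault image it includes a "snapshot server"
    # This allows for the triggering and receiving of manual backups ("snapshots") and restoration via HTTP
    #
    # NOTE(review): taking and restoring snapshots are sensitive operations on
    # the secret store. This section shows no authentication or TLS setting for
    # the endpoint — confirm it is authenticated, and that the service port is
    # not routed through the ingress or reachable from untrusted pods (for
    # example, restrict it with a NetworkPolicy). Disable it if it is not needed.
    snapshotServer:
      # If the snapshot server should be enabled/running
      enabled: true

      # The external port that is opened via the service resource
      externalPort: 81

      # The internal port that the snapshot server listens on
      internalPort: 8300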