From d69e7999a35a27f62b411fd719fede268455e896 Mon Sep 17 00:00:00 2001
From: thomas-VIGINUM <191891091+thomas-VIGINUM@users.noreply.github.com>
Date: Fri, 21 Mar 2025 14:51:09 +0100
Subject: [PATCH] feat: allow additional environment variables

---
 defaults/main.yml | 3 +++
 role_variables.md | 12 ++++++++++++
 templates/vault_service_systemd.j2 | 3 +++
 3 files changed, 18 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index dc46b363..7ec98832 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -92,6 +92,9 @@ vault_listener_localhost_enable: false
 vault_http_proxy: ""
 vault_https_proxy: ""
 vault_no_proxy: ""
+vault_additional_environment_variables: {}
+# FOO: bar
+# FOO2: bar2

 # ---------------------------------------------------------------------------
 # TCP listeners
diff --git a/role_variables.md b/role_variables.md
index afcfbd87..0ffbdf32 100644
--- a/role_variables.md
+++ b/role_variables.md
@@ -816,6 +816,18 @@ available starting at Vault version 1.4.
 - Comma separated values which specify hosts that should be exluded from proxying. Follows [golang conventions](https://godoc.org/golang.org/x/net/http/httpproxy)
 - Default value: `""`

+## `vault_additional_environment_variables`
+
+- Dict of items of type `Dict[str, str]` to add additional environment variables to the systemd service
+- Default value: `{}`
+
+Example:
+
+```yaml
+vault_additional_environment_variables:
+ FOO: bar
+```
+
 ## `vault_cluster_address`

 - Address to bind to for cluster server-to-server requests
diff --git a/templates/vault_service_systemd.j2 b/templates/vault_service_systemd.j2
index 5f1482f1..3054bbe1 100644
--- a/templates/vault_service_systemd.j2
+++ b/templates/vault_service_systemd.j2
@@ -37,6 +37,9 @@ Environment=HTTPS_PROXY={{ vault_https_proxy }}
 {% if vault_no_proxy -%}
 Environment=NO_PROXY={{ vault_no_proxy }}
 {% endif -%}
+{% for _vault_variable_name, _vault_variable_value in vault_additional_environment_variables.items() -%}
+Environment={{ _vault_variable_name }}={{ _vault_variable_value }}
+{% endfor -%}
 ExecStart=/bin/sh -c 'exec {{ vault_bin_path }}/vault server -config={{ vault_config_path if vault_use_config_path else vault_main_config }} -log-level={{ vault_log_level | lower }} {{ vault_exec_output }}'
 ExecReload=/bin/kill --signal HUP $MAINPID
 KillMode=process
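Review bot: The added `Environment={{ _vault_variable_name }}={{ _vault_variable_value }}` line writes both the key and the value into the unit file unquoted and unvalidated, so systemd splits a value containing whitespace into several assignments, expands a `%` as a specifier, and a line break in either field would put an extra directive into the unit that starts Vault. Quote the assignment, `Environment="{{ _vault_variable_name }}={{ _vault_variable_value }}"`, and have the role reject names that do not match `^[A-Za-z_][A-Za-z0-9_]*$` and values containing newlines or double quotes before the template is rendered. The existing proxy lines in this hunk are unquoted as well, but they use fixed names, whereas this loop accepts free-form names from the dict. The variable's documentation should also state that these values are stored in the unit file and are readable through `systemctl show`, so seal or cloud credentials belong in a root-only `EnvironmentFile=` rather than in this dict. The `[Service]` section starts outside the hunk.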