Move stunnel psks to a more restrictive path

This commit is contained in:
IamTheFij 2023-07-19 10:57:33 -07:00
parent c33f877af8
commit be2fd9c327

View File

@ -312,27 +312,24 @@ PSKsecrets = {{ env "NOMAD_SECRETS_DIR" }}/ldap_stunnel_psk.txt
%{~ if use_mysql }
template {
# TODO: move psk to nomad/jobs/name/name/stunnel
data = <<EOF
{{- with nomadVar "nomad/jobs/${name}" }}{{ .mysql_stunnel_psk }}{{ end -}}
{{- with nomadVar "nomad/jobs/${name}/${name}/stunnel" }}{{ .mysql_stunnel_psk }}{{ end -}}
EOF
destination = "$${NOMAD_SECRETS_DIR}/mysql_stunnel_psk.txt"
}
%{ endif }
%{~ if use_redis }
template {
# TODO: move psk to nomad/jobs/name/name/stunnel
data = <<EOF
{{- with nomadVar "nomad/jobs/${name}" }}{{ .redis_stunnel_psk }}{{ end -}}
{{- with nomadVar "nomad/jobs/${name}/${name}/stunnel" }}{{ .redis_stunnel_psk }}{{ end -}}
EOF
destination = "$${NOMAD_SECRETS_DIR}/redis_stunnel_psk.txt"
}
%{~ endif }
%{~ if use_ldap }
template {
# TODO: move psk to nomad/jobs/name/name/stunnel
data = <<EOF
{{- with nomadVar "nomad/jobs/${name}" }}{{ .ldap_stunnel_psk }}{{ end -}}
{{- with nomadVar "nomad/jobs/${name}/${name}/stunnel" }}{{ .ldap_stunnel_psk }}{{ end -}}
EOF
destination = "$${NOMAD_SECRETS_DIR}/ldap_stunnel_psk.txt"
}