# sanctum.yml sanctum:

# color - defaults to true. Setting to false will disable color to tty
#color: true
# force - defaults to false. Setting to true modifies behavior of push and pull commands.
#   If true you will not be asked if you want to overwrite changes. Can be overridden on a per target basis.
#force: false
# secrets_version - defaults to `auto`, which will try to automatically detect secrets_version
#   can be overridden on a per target basis
#secrets_version: auto
# transit_key - (required if not set ) default transit_key to be used, can be overridden on a per target basis
#   Transit key ring used to encrypt/decrypt secrets for local storage.
#   If you need to use multiple transit_keys you will need to create seperate config files
#transit_key: transit/keys/app-foo

vault:

# url - will use `ENV["VAULT_ADDR"]` if available, otherwise defaults to http://localhost:8200
#url: http://localhost:8200
# token - (required) will use `ENV["VAULT_TOKEN"]` if available, otherwise tries to read from `ENV["HOME"]/.vault-token`
#token: aaabbbcc-ddee-ffgg-hhii-jjkkllmmnnoop

sync:

# sync is an array of hashes of sync target configurations
# at least one app definition is REQUIRED
# Fields:
#     name - (required) Friendly name of the sync target.
#     prefix - (required) The vault prefix(secret mount) to synchronize to.
#     path - (required) The relative filesystem path that gets synchronized
#       with Vault. This path is calculated relative to the directory containing
#       the sanctum configuration file.
#     force - Whether or not to force push, pull actions (no user input)
#       Inherits the setting from the `sanctum` section.
#     secrets_version - The k/v secrets version `1`, or `2`. Sanctum will try to detect this automatically
#       if not valued. Inherits the setting from the `sanctum` section.
#     transit_key - (required if not set in `sanctum` section) Transit key ring used to encrypt/decrypt secrets
#     for local storage. Inherits the setting from the `sanctum` section.
#- name: app-foo
  #prefix: secrets/app-foo
  #path: vault/app-foo
  #force: false
#- name: app-bar
  #prefix: app-bar
  #path: vault/app-bar
  #transit_key: transit/keys/app-bar
  #secrets_version: 2
  #force: false
# Example shows if you need to specify multiple nested prefixs
# You will want to namespace the local `path`
#- name: app-baz-micro
  #prefix: app-baz/prod/micro
  #path: vault/app-baz-micro/prod/micro
  #transit_key: transit/keys/app-baz-micro
  #secrets_version: 2
  #force: false
#- name: app-baz-all
  #prefix: app-baz
  #path: vault/app-baz-all/prod/micro
  #transit_key: transit/keys/app-baz-all
  #secrets_version: 2
  #force: false