---
# =============================================================================
# NetBird v1.6 Vault Secrets
# =============================================================================
# Copy to vault.yml, edit values, then encrypt:
#   cp vault.yml.example vault.yml
#   # Edit vault.yml with your values
#   ansible-vault encrypt vault.yml
#
# Or use: ./generate-vault.sh to auto-generate all secrets

# =============================================================================
# TURN/Relay Configuration
# =============================================================================

# TURN server password (alphanumeric only)
# Generate: openssl rand -base64 32 | tr -d '/+=\n'
vault_turn_password: "YourTurnPassword2024"

# Relay secret (alphanumeric only)
# Generate: openssl rand -base64 32 | tr -d '/+=\n'
vault_relay_secret: "YourRelaySecret2024"

# =============================================================================
# Embedded IdP Encryption Key
# =============================================================================
# CRITICAL: Back this up! Loss prevents recovery of user data.
# Generate: openssl rand -base64 32
vault_encryption_key: "YourBase64EncryptionKey=="

# =============================================================================
# User Provisioning (for setup-bootstrap.yml and setup-users.yml)
# =============================================================================

# Initial admin password (for setup-bootstrap.yml)
# Generate: openssl rand -base64 16 | tr -d '/+=\n'
vault_admin_password: "YourAdminPassword2024"

# Service user PAT for API automation
# LEAVE EMPTY UNTIL AFTER BOOTSTRAP!
# Create manually in dashboard: Team → Service Users → Create Token
vault_netbird_service_pat: ""