43 lines
1.7 KiB
Plaintext
43 lines
1.7 KiB
Plaintext
---
|
|
# =============================================================================
|
|
# NetBird v1.6 Vault Secrets
|
|
# =============================================================================
|
|
# Copy to vault.yml, edit values, then encrypt:
|
|
# cp vault.yml.example vault.yml
|
|
# # Edit vault.yml with your values
|
|
# ansible-vault encrypt vault.yml
|
|
#
|
|
# Or use: ./generate-vault.sh to auto-generate all secrets
|
|
|
|
# =============================================================================
|
|
# TURN/Relay Configuration
|
|
# =============================================================================
|
|
|
|
# TURN server password (alphanumeric only)
|
|
# Generate: openssl rand -base64 32 | tr -d '/+=\n'
|
|
vault_turn_password: "YourTurnPassword2024"
|
|
|
|
# Relay secret (alphanumeric only)
|
|
# Generate: openssl rand -base64 32 | tr -d '/+=\n'
|
|
vault_relay_secret: "YourRelaySecret2024"
|
|
|
|
# =============================================================================
|
|
# Embedded IdP Encryption Key
|
|
# =============================================================================
|
|
# CRITICAL: Back this up! Loss prevents recovery of user data.
|
|
# Generate: openssl rand -base64 32
|
|
vault_encryption_key: "YourBase64EncryptionKey=="
|
|
|
|
# =============================================================================
|
|
# User Provisioning (for setup-bootstrap.yml and setup-users.yml)
|
|
# =============================================================================
|
|
|
|
# Initial admin password (for setup-bootstrap.yml)
|
|
# Generate: openssl rand -base64 16 | tr -d '/+=\n'
|
|
vault_admin_password: "YourAdminPassword2024"
|
|
|
|
# Service user PAT for API automation
|
|
# LEAVE EMPTY UNTIL AFTER BOOTSTRAP!
|
|
# Create manually in dashboard: Team → Service Users → Create Token
|
|
vault_netbird_service_pat: ""
|