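# Appends the CredHub release to the deployment's release list.
# The tarball is pinned by URL, version and SHA-1 digest. SHA-1 is not
# collision-resistant, so this digest mainly catches corruption rather
# than a deliberately substituted artifact. NOTE(review): pin a SHA-256
# digest instead if the release index publishes one (not shown here).
- path: /releases/-
  release: credhub
  type: replace
  value:
    name: credhub
    sha1: ca6f8fdfa966a20642749b59a8cf5ce26c9c56f1
    url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/credhub-2.12.99-ubuntu-jammy-1.682.tgz
    version: 2.12.99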
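# Adds the credhub job to the bosh instance group, co-located with the
# director, UAA and postgres that the other operations here refer to.
- path: /instance_groups/name=bosh/jobs/-
  type: replace
  value:
    name: credhub
    properties:
      credhub:
        authentication:
          # Tokens are validated against the local UAA (port 8443) using
          # its CA and JWT public key, both injected from variables.
          uaa:
            ca_certs:
              - ((uaa_ssl.ca))
            url: https://((internal_ip)):8443
            verification_key: ((uaa_jwt_signing_key.public_key))
        authorization:
          acls:
            # NOTE(review): ACL enforcement is off. Presumably any caller
            # holding credhub.read / credhub.write can then reach every
            # credential path, so the UAA clients and users defined in
            # this file are the only access boundary. Confirm this is
            # acceptable for the environment before reusing it.
            enabled: false
        certificates:
          concatenate_cas: true
        data_storage:
          database: credhub
          # Loopback only: the database runs on the same VM, which is why
          # TLS to postgres is disabled below. Revisit require_tls if the
          # database ever moves off-box.
          host: 127.0.0.1
          password: ((postgres_password))
          port: 5432
          require_tls: false
          type: postgres
          # NOTE(review): connects as the shared `postgres` role, not a
          # CredHub-specific one. Confirm its privileges; a dedicated
          # least-privilege role would narrow the blast radius.
          username: postgres
        encryption:
          # Single active key on the built-in "internal" provider, keyed
          # from ((credhub_encryption_password)). Anyone who can read both
          # that variable and the database can presumably decrypt the
          # store, so protect the variable like the secrets it guards.
          keys:
            - active: true
              key_properties:
                encryption_password: ((credhub_encryption_password))
              provider_name: internal
          providers:
            - name: internal
              type: internal
        # Server certificate and key for the CredHub API listener.
        tls: ((credhub_tls))
    release: credhub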
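# Asks the co-located postgres job to create a `credhub` database.
# The trailing `?` creates additional_databases if it does not exist.
- path: /instance_groups/name=bosh/properties/postgres/additional_databases?/-
  type: replace
  value: credhub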
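# Points the director at CredHub as its config server (port 8844, /api/).
# The director trusts the CredHub CA for TLS and fetches tokens from UAA
# as the director_to_credhub client, whose secret comes from a variable.
- path: /instance_groups/name=bosh/properties/director/config_server?
  type: replace
  value:
    ca_cert: ((credhub_tls.ca))
    enabled: true
    uaa:
      ca_cert: ((uaa_ssl.ca))
      client_id: director_to_credhub
      client_secret: ((uaa_clients_director_to_credhub))
      url: https://((internal_ip)):8443
    url: https://((internal_ip)):8844/api/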
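# UAA client the director uses to call CredHub.
# Machine-to-machine only (client_credentials), with read and write
# authorities and one-hour access tokens. The secret is the same variable
# referenced by the director's config_server settings.
- path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/clients/director_to_credhub?
  type: replace
  value:
    access-token-validity: 3600
    authorities: credhub.read,credhub.write
    authorized-grant-types: client_credentials
    override: true
    scope: ""
    secret: ((uaa_clients_director_to_credhub))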
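# UAA client for interactive CLI logins.
# The secret is empty, so this is a public client: the client id alone
# proves nothing, and access rests entirely on the user's password.
# Exposure is limited by 60-second access tokens and 30-minute refresh
# tokens. The client has no authorities of its own; it only carries the
# user's credhub.read / credhub.write scopes.
- path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/clients/credhub_cli?
  type: replace
  value:
    access-token-validity: 60
    authorities: ""
    authorized-grant-types: password,refresh_token
    override: true
    refresh-token-validity: 1800
    scope: credhub.read,credhub.write
    secret: ""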
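# UAA client for non-interactive administrative access to CredHub.
# It uses client_credentials with read and write authorities and
# one-hour tokens. NOTE(review): the credhub job in this file disables
# ACLs, so this secret likely grants access to every stored credential.
# Restrict who can read ((credhub_admin_client_secret)).
- path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/clients/credhub-admin?
  type: replace
  value:
    access-token-validity: 3600
    authorities: credhub.read,credhub.write
    authorized-grant-types: client_credentials
    override: true
    scope: ""
    secret: ((credhub_admin_client_secret))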
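# Sets the password of the UAA user credhub_cli_user from a variable.
# The `?` creates the user entry if it is missing. This password is the
# only secret behind logins through the secret-less credhub_cli client.
- path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/scim/users/name=credhub_cli_user?/password
  type: replace
  value: ((credhub_cli_user_password))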
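# Puts credhub_cli_user in both CredHub groups, giving the user read and
# write access. Drop credhub.write for operators who only read values.
- path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/scim/users/name=credhub_cli_user?/groups
  type: replace
  value:
    - credhub.read
    - credhub.write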
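# Turns on revocable JWTs in UAA.
# NOTE(review): presumably this lets issued tokens be invalidated before
# they expire, for example after a secret or password change. Confirm
# the exact behaviour against the UAA documentation.
- path: /instance_groups/name=bosh/jobs/name=uaa/properties/uaa/jwt/revocable?
  type: replace
  value: true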
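# Adds the backup/restore job for the CredHub database.
# It receives the same database credentials as the credhub job, so it
# connects over loopback without TLS as the `postgres` role.
# NOTE(review): backups presumably contain the encrypted credential
# store. Keep backup artifacts away from copies of the CredHub
# encryption password.
- path: /instance_groups/name=bosh/jobs/-
  type: replace
  value:
    name: bbr-credhubdb
    properties:
      credhub:
        data_storage:
          database: credhub
          host: 127.0.0.1
          password: ((postgres_password))
          port: 5432
          require_tls: false
          type: postgres
          username: postgres
      release_level_backup: true
    release: credhub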
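# Variable declarations for every secret and certificate used above.
# The values are generated at deploy time; nothing secret is in this
# file. Where they are persisted depends on how the deployment is run
# (not shown here), so protect that store accordingly.

# Password of the interactive UAA user credhub_cli_user.
- path: /variables/-
  type: replace
  value:
    name: credhub_cli_user_password
    type: password
# Root CA for CredHub. is_ca is set and no parent `ca` is named, so it
# is self-signed and clients must be given credhub_tls.ca explicitly.
- path: /variables/-
  type: replace
  value:
    name: credhub_ca
    options:
      common_name: CredHub CA
      is_ca: true
    type: certificate
# Server certificate for the CredHub API, signed by credhub_ca.
# Both the CN and the only SAN are the director's internal IP, so
# clients must connect by that address for verification to succeed.
- path: /variables/-
  type: replace
  value:
    name: credhub_tls
    options:
      alternative_names:
        - ((internal_ip))
      ca: credhub_ca
      common_name: ((internal_ip))
    type: certificate
# Password behind CredHub's internal encryption provider.
# NOTE(review): regenerating or losing it presumably makes stored
# credentials unreadable. Back it up separately from the database.
- path: /variables/-
  type: replace
  value:
    name: credhub_encryption_password
    type: password
# Secret of the director_to_credhub UAA client.
- path: /variables/-
  type: replace
  value:
    name: uaa_clients_director_to_credhub
    type: password
# Secret of the credhub-admin UAA client.
- path: /variables/-
  type: replace
  value:
    name: credhub_admin_client_secret
    type: password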