kit.yml

---
name:    blacksmith
version: 0.12.0
author:  James Hunt <james@niftylogic.com>
docs:     https://github.com/cloudfoundry-community/blacksmith-boshrelease
code:     https://github.com/genesis-community/blacksmith-genesis-kit

description: Blacksmith

genesis_version_min: 2.8.5

certificates:
  base:
    tls:
      ca: {valid_for: 10y}
      director:
        valid_for: 1y
        names:
          - ${params.ip}
      blobstore:
        valid_for: 1y
        names:
          - ${params.ip}
    tls/redis:
      server:
        valid_for: 1y
        signed_by: broker/ca
        names:
          - ${params.ip}

    tls/rabbitmq:
      server:
          valid_for: 5y
          signed_by: broker/ca
          names:
            - server.rabbitmq.bosh-internal

    tls/nats:
      ca: {valid_for: 10y}
      server:
        valid_for: 1y
        names:
          - default.nats.bosh-internal
          - ${params.ip}
      director:
        valid_for: 1y
        names:
          - default.director.bosh-internal
      hm:
        valid_for: 1y
        names:
          - default.hm.bosh-internal

  broker-tls:
    broker:
      ca:
        valid_for: 10y
        names:
          - blacksmith.services.ca.bosh-internal

      server:
          valid_for: 1y
          signed_by: broker/ca
          names:
            - blacksmith.services.bosh-internal
            - ${params.ip}

credentials:
  base:
    broker:             {password: random 64}

    db:                 {password: random 64}
    nats:               {password: random 64}
    blobstore/agent:    {password: random 64}
    blobstore/director: {password: random 64}

    users/admin:        {password: random 64}
    users/hm:           {password: random 64}
    users/blacksmith:   {password: random 64}

    registry:           {password: random 64}

  shield-backups:
    shield:             {password: random 64}

provided:
  shield-backups:
    shield:
      keys:
        store:
          prompt: "External S.H.I.E.L.D store UUID or exact name"