server:
  %{ if ingress != null }
  ingress:
    enabled: ${ tobool(coalesce(ingress.enabled, false)) }
    %{ if ingress.className != null }
    ingressClassName: ${ ingress.className }
    %{ endif }
    %{ if ingress.annotations != null }
    annotations:
    %{ for key, value in ingress.annotations ~}
      ${ key }: "${ value }"
    %{ endfor ~}
    %{ endif }
    hosts:
      - host: ${ service_uri }
        paths: []
    %{ if ingress.tls }
    tls:
      - secretName: vault-tls
        hosts:
          - ${ service_uri }
    %{ endif }
  %{ endif }
  extraEnvironmentVars:
    VAULT_SEAL_TYPE: "awskms"
    AWS_REGION: "${ aws.region }"
    VAULT_AWSKMS_SEAL_KEY_ID: "${ aws.kms_key_id }"
  extraSecretEnvironmentVars:
    - envName: AWS_ACCESS_KEY_ID
      secretName: vault-aws-creds
      secretKey: AWS_ACCESS_KEY_ID
    - envName: AWS_SECRET_ACCESS_KEY
      secretName: vault-aws-creds
      secretKey: AWS_SECRET_ACCESS_KEY