update end-to-end procfile example

.gitignore

@@ -4,6 +4,7 @@
 
 # binary
 systemd-vaultd
+tmp/
 
 # nix-build symlinks
 result*

Procfile

@@ -1,5 +1,5 @@
+# run with `hivemind``
+systemd-service: sleep 3 && sudo systemd-run --collect -u vault-nixos3.service -p LoadCredential=foo:$(pwd)/tmp/sock --wait --pipe cat '${CREDENTIALS_DIRECTORY}/foo'
 vault: vault server -dev -dev-root-token-id secret
-vault-agent:  sleep 10 && ./tests/setup-vault && sudo vault agent -config ./tests/vault-agent-example.hcl
-systemd-vaultd:  rm -rf /run/systemd-vault/secrets && sudo ./systemd-vaultd
-systemd-service:  sudo systemd-run --collect -u vault-nixos3.service -p LoadCredential=foo:/run/systemd-vaultd/sock --wait --pipe cat '${CREDENTIALS_DIRECTORY}/foo'
-#systemd-vaultd: go run . -secrets tmp/secrets -sock tmp/sock
+vault-agent:  sleep 5 && ./tests/setup-vault && sudo vault agent -config ./tests/vault-agent-example.hcl
+systemd-vaultd: go run . -secrets tmp/secrets -sock tmp/sock

tests/agent-config.hcl

@@ -0,0 +1,33 @@
+pid_file = "./pidfile"
+
+auto_auth {
+  method {
+    type = "aws"
+    namespace = "/my-namespace"
+    config = {
+      role = "foobar"
+    }
+  }
+
+  sink {
+    type = "file"
+    config = {
+      path = "/tmp/file-foo"
+    }
+    aad = "foobar"
+    dh_type = "curve25519"
+    dh_path = "/tmp/file-foo-dhpath"
+  }
+
+  sink {
+    type = "file"
+    wrap_ttl = "5m"
+    aad_env_var = "TEST_AAD_ENV"
+    dh_type = "curve25519"
+    dh_path = "/tmp/file-foo-dhpath2"
+    derive_key = true
+    config = {
+      path = "/tmp/file-bar"
+    }
+  }
+}

tests/vault-agent-example.hcl

@@ -0,0 +1,17 @@
+ vault = {
+   address = "http://localhost:8200"
+ }
+ template = {
+   contents = "{{ with secret \"secret/my-secret\" }}{{ .Data.data.foo }}{{ end }}"
+   destination = "tmp/secrets/vault-nixos3.service-foo"
+ }
+
+ auto_auth {
+   method {
+     type = "approle"
+     config = {
+       role_id_file_path = "tmp/roleID"
+       secret_id_file_path = "tmp/secretID"
+     }
+   }
+ }