---
# Copy to vault.yml and fill in values.
# This file is gitignored — do NOT commit real secrets.

# Auto-generated by playbook if empty (leave as empty string):
vault_encryption_key: ""
vault_turn_password: ""
vault_relay_secret: ""

# Reconciler auth token (generate: openssl rand -hex 32):
vault_reconciler_token: ""

# Gitea admin password:
vault_gitea_admin_password: ""

# NetBird API token (created via dashboard after first deploy):
vault_netbird_api_token: ""

# Gitea API token (created via Gitea UI after first deploy):
vault_gitea_token: ""

# Gitea Actions runner registration token
# (get from Gitea: Site Administration → Actions → Runners):
vault_gitea_runner_token: ""