From 6ea68bb278ade540a7c654663f02f0e6cc5b26c1 Mon Sep 17 00:00:00 2001
From: Al-Khawarizmi
Date: Thu, 6 Nov 2025 21:40:26 +0800
Subject: [PATCH 1/2] fix: pass transit tls cert and key instaid of hardcoded default

---
 defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 8942e6b..5336e66 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -330,8 +330,8 @@ vault_transit_key_name: 'autounseal'
 vault_transit_mount_path: "transit/"
 # vault_transit_namespace: ''
 vault_transit_tls_ca_cert_file: "{{ vault_tls_ca_file }}"
-vault_transit_tls_client_cert_file: "autounseal_client_cert.pem"
-vault_transit_tls_client_key_file: "autounseal_client_key.pem"
+vault_transit_tls_client_cert_file: "{{ vault_transit_tls_client_cert | default('autounseal_client_cert.pem', true) }}"
+vault_transit_tls_client_key_file: "{{ vault_transit_tls_client_key | default('autounseal_client_key.pem', true) }}"
 # vault_transit_tls_server_name: ''
 vault_transit_tls_skip_verify: "{{ lookup('env', 'VAULT_SKIP_VERIFY') | default('', false) }}"

From 1347205993d03fbee771eb0c55db135162e8c05b Mon Sep 17 00:00:00 2001
From: Al-Khawarizmi
Date: Sat, 8 Nov 2025 02:34:09 +0800
Subject: [PATCH 2/2] fix: update vault_transt_tls_ca_cert_file to use user provided value and keeping sensible default

---
 defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 5336e66..bcfe1f2 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
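Review bot: In patch 1/2 the two added `vault_transit_tls_client_*_file` lines introduce new inputs, `vault_transit_tls_client_cert` and `vault_transit_tls_client_key`, without any comment, and their names differ from the existing variables only by the missing `_file` suffix, which is easy to mistype for a setting that selects the TLS client key presented to the transit Vault. Because `default(..., true)` also replaces empty or otherwise falsy values, a blank override silently falls back to `autounseal_client_cert.pem` / `autounseal_client_key.pem` instead of surfacing the misconfiguration. I would add a comment above the pair such as `# Set vault_transit_tls_client_cert / vault_transit_tls_client_key to override; unset or empty falls back to the autounseal_client_*.pem names`. These are role defaults, so `vault_transit_tls_client_cert_file` could presumably already be overridden directly; whether other tasks read the new names is not visible in this hunk.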
@@ -329,7 +329,7 @@ vault_transit_disable_renewal: false
 vault_transit_key_name: 'autounseal'
 vault_transit_mount_path: "transit/"
 # vault_transit_namespace: ''
-vault_transit_tls_ca_cert_file: "{{ vault_tls_ca_file }}"
+vault_transit_tls_ca_cert_file: "{{ vault_transit_tls_ca_cert_file | default(vault_tls_ca_file) }}"
 vault_transit_tls_client_cert_file: "{{ vault_transit_tls_client_cert | default('autounseal_client_cert.pem', true) }}"
 vault_transit_tls_client_key_file: "{{ vault_transit_tls_client_key | default('autounseal_client_key.pem', true) }}"
 # vault_transit_tls_server_name: ''
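Review bot: The added `vault_transit_tls_ca_cert_file` line defines the variable in terms of itself. Ansible templates role defaults lazily, so when no higher-precedence value is set the inner reference resolves back to this same default and is expected to fail with a recursive-template error rather than fall back to `vault_tls_ca_file`. A role default is already overridable from inventory or play vars, so the previous `vault_transit_tls_ca_cert_file: "{{ vault_tls_ca_file }}"` already honoured a user-provided value. If a separate input is wanted, follow the pattern of the two client lines below it with a distinct name, for example `vault_transit_tls_ca_cert_file: "{{ vault_transit_tls_ca_cert | default(vault_tls_ca_file, true) }}"`. The second `true` argument matters for a CA path: without it an empty string is passed through unchanged, and how the transit seal then verifies the server certificate is not visible in this hunk.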