Update arm64 build

Fix userpass login
Fix apikey auth

Use X-Forwarded-For header for host routing

Author: joecorall

Dockerfile

@@ -37,9 +37,12 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 WORKDIR /app
 
-RUN apt-get update && apt-get install curl --yes && \
+ARG TARGETARCH
+ARG ARCH_SUFFIX=${TARGETARCH}
+RUN if [ "${TARGETARCH}" = "amd64" ]; then ARCH_SUFFIX="x64"; fi && \
+    apt-get update && apt-get install curl --yes && \
     curl -sL \
-    https://github.com/tailwindlabs/tailwindcss/releases/download/v4.1.18/tailwindcss-linux-x64 \
+    "https://github.com/tailwindlabs/tailwindcss/releases/download/v4.1.18/tailwindcss-linux-${ARCH_SUFFIX}" \
     -o /app/tailwindcss && \
     chmod +x /app/tailwindcss
 

ci/test-runner/main.go

@@ -30,32 +30,32 @@ var (
 	vaultToken = getEnv("VAULT_TOKEN", "test-root-token")
 
 	// Test user API keys (from rbac_seed.sql and vault-init.sh)
-	// Format: libops_{keyUUID_no_dashes}_{accountUUID_no_dashes}
+	// Format: libops_{accountUUID_no_dashes}_{keyUUID_no_dashes}_{randomSecret}
 	apiKeys = map[string]string{
-		// Full scope keys
-		"admin":       "libops_075913e793285264b6846ae0163b8096_01052d4d93be51a39684c357297533cd",
-		"art":         "libops_0f05b4b9f40c5ca89f3904de42ae87e4_fdf35d32bbb35ea3abf2410da575e169",
-		"jerry":       "libops_726186be6ad85257a1bd2e4689db11d0_964b5eb020375263883ce939c6916d7d",
-		"elaine":      "libops_b3f360ca79955db2b88b3e178cd7ae8a_863fb60a808450fe82aeefa113231bef",
-		"george":      "libops_0c9522b721975d87b010ac1bc506f79a_d0bfd25745725036b5aa038743be4715",
-		"kramer":      "libops_94581ae623e358698770db7cb74e5391_516e3bb4bfbe5dda9cc9d0e00ce7b6f2",
-		"pennypacker": "libops_58c99883c3145c6ebfa8e072502e43bd_42b6846e501f51539aca210d8d84f946",
-		"newman":      "libops_3ccc3cc2e5c0530b8f0a6fb24cd8566b_e60f6db8521a5fc3aaccceb3f50b6f7b",
-		"bob":         "libops_63cd920a70905e0eb46d840a933e2c70_94656683e36658b8a39132e0c54ca37e",
-		"joe":         "libops_890e09765b435ff8a673921a920e7c2a_0f439d32e0655a20a08e22dd6793948a",
-		"puddy":       "libops_eb181a1b7dc953c29981ba91a3ebf24a_22f490238dfe57c795dbdd0f8cae04a7",
-		"soup":        "libops_43527224d0f85344803fec80f80ed0a0_ff2098bd1a335db9806937f2bf5bdba7",
-		"babu":        "libops_2032b34886ae5805b08c3c2cf065ef82_a551424b91ed5636a53bcdb50660d4c9",
-		"leo":         "libops_ce22e781d2ad5d7abccc7dd122e791c8_351fcf8bd637596cbe1e8bdd90dbc4eb",
-		"jackie":      "libops_578e1fcfb4975bffbbf4436835457f73_af54b89e5533585ab3b70003b7e6dcc2",
-		"peterman":    "libops_2c3cfb5bc99454c99cb992321bd353cb_dfe2b1a880005b6788ad881b036fa4f9",
-		"no-access":   "libops_567df9dc244e561e93c13082534eeec7_e543554b5af05d97ac8f09608bcfa7b8",
+		// Full scope keys - format updated to include random secret
+		"admin":       "libops_01052d4d93be51a39684c357297533cd_075913e793285264b6846ae0163b8096_test_secret_admin_full",
+		"art":         "libops_fdf35d32bbb35ea3abf2410da575e169_0f05b4b9f40c5ca89f3904de42ae87e4_test_secret_art_full",
+		"jerry":       "libops_964b5eb020375263883ce939c6916d7d_726186be6ad85257a1bd2e4689db11d0_test_secret_jerry_full",
+		"elaine":      "libops_863fb60a808450fe82aeefa113231bef_b3f360ca79955db2b88b3e178cd7ae8a_test_secret_elaine_full",
+		"george":      "libops_d0bfd25745725036b5aa038743be4715_0c9522b721975d87b010ac1bc506f79a_test_secret_george_full",
+		"kramer":      "libops_516e3bb4bfbe5dda9cc9d0e00ce7b6f2_94581ae623e358698770db7cb74e5391_test_secret_kramer_full",
+		"pennypacker": "libops_42b6846e501f51539aca210d8d84f946_58c99883c3145c6ebfa8e072502e43bd_test_secret_pennypacker_full",
+		"newman":      "libops_e60f6db8521a5fc3aaccceb3f50b6f7b_3ccc3cc2e5c0530b8f0a6fb24cd8566b_test_secret_newman_full",
+		"bob":         "libops_94656683e36658b8a39132e0c54ca37e_63cd920a70905e0eb46d840a933e2c70_test_secret_bob_full",
+		"joe":         "libops_0f439d32e0655a20a08e22dd6793948a_890e09765b435ff8a673921a920e7c2a_test_secret_joe_full",
+		"puddy":       "libops_22f490238dfe57c795dbdd0f8cae04a7_eb181a1b7dc953c29981ba91a3ebf24a_test_secret_puddy_full",
+		"soup":        "libops_ff2098bd1a335db9806937f2bf5bdba7_43527224d0f85344803fec80f80ed0a0_test_secret_soup_full",
+		"babu":        "libops_a551424b91ed5636a53bcdb50660d4c9_2032b34886ae5805b08c3c2cf065ef82_test_secret_babu_full",
+		"leo":         "libops_351fcf8bd637596cbe1e8bdd90dbc4eb_ce22e781d2ad5d7abccc7dd122e791c8_test_secret_leo_full",
+		"jackie":      "libops_af54b89e5533585ab3b70003b7e6dcc2_578e1fcfb4975bffbbf4436835457f73_test_secret_jackie_full",
+		"peterman":    "libops_dfe2b1a880005b6788ad881b036fa4f9_2c3cfb5bc99454c99cb992321bd353cb_test_secret_peterman_full",
+		"no-access":   "libops_e543554b5af05d97ac8f09608bcfa7b8_567df9dc244e561e93c13082534eeec7_test_secret_noaccess_full",
 
 		// Limited scope keys
-		"admin-limited": "libops_d76a9ff9334c548d8ba94063ddb96cf9_01052d4d93be51a39684c357297533cd",
-		"art-limited":   "libops_c19811014bbf5f90b38b901c06fdaad6_fdf35d32bbb35ea3abf2410da575e169",
-		"bob-limited":   "libops_7dd4d68f85f45dbebed083e639a8fab2_94656683e36658b8a39132e0c54ca37e",
-		"soup-limited":  "libops_b6b4b341e1e55242a33d684e4da7ad07_ff2098bd1a335db9806937f2bf5bdba7",
+		"admin-limited": "libops_01052d4d93be51a39684c357297533cd_d76a9ff9334c548d8ba94063ddb96cf9_test_secret_admin_limited",
+		"art-limited":   "libops_fdf35d32bbb35ea3abf2410da575e169_c19811014bbf5f90b38b901c06fdaad6_test_secret_art_limited",
+		"bob-limited":   "libops_94656683e36658b8a39132e0c54ca37e_7dd4d68f85f45dbebed083e639a8fab2_test_secret_bob_limited",
+		"soup-limited":  "libops_ff2098bd1a335db9806937f2bf5bdba7_b6b4b341e1e55242a33d684e4da7ad07_test_secret_soup_limited",
 	}
 
 	// Test user credentials (email:password) - derived from vault-init.sh
@@ -1051,14 +1051,18 @@ func (tr *TestRunner) testAPIKeyManagement(ctx context.Context) {
 		if adminKeySecret == "" {
 			return fmt.Errorf("expected API key secret to be returned")
 		}
-		// Verify new format: libops_{keyUUID}_{accountUUID}
+		// Verify new format: libops_{accountUUID}_{keyUUID}_{randomSecret}
 		parts := strings.Split(adminKeySecret, "_")
-		if len(parts) != 3 || parts[0] != "libops" {
-			return fmt.Errorf("expected API key format 'libops_{keyUUID}_{accountUUID}', got: %s", adminKeySecret)
+		if len(parts) < 4 || parts[0] != "libops" {
+			return fmt.Errorf("expected API key format 'libops_{accountUUID}_{keyUUID}_{randomSecret}', got: %s", adminKeySecret)
 		}
 		if len(parts[1]) != 32 || len(parts[2]) != 32 {
-			return fmt.Errorf("expected 32-char hex UUIDs in API key, got key_uuid=%d chars, account_uuid=%d chars", len(parts[1]), len(parts[2]))
+			return fmt.Errorf("expected 32-char hex UUIDs in API key, got account_uuid=%d chars, key_uuid=%d chars", len(parts[1]), len(parts[2]))
 		}
+		if len(parts[3]) == 0 {
+			return fmt.Errorf("expected random secret component in API key, got empty string")
+		}
+		slog.Info("DEBUG: " + adminKeySecret)
 		// Store for later use
 		apiKeys["admin-limited"] = adminKeySecret
 		fmt.Printf(green("    ✓ Created key %s\n"), adminKeyID)

ci/testdata/vault-init.sh

@@ -48,14 +48,18 @@ vault policy write libops-user - <<EOF
 path "identity/oidc/token/libops-api" {
   capabilities = ["read", "update"]
 }
+path "keys/*" {
+  capabilities = ["create", "update", "read"]
+}
+
 EOF
 
 create_test_user() {
     email=$1
     password=$2
     account_id=$3
     entity_name=$4
-    
+
     vault_username=$(echo "$email" | tr '@' '_')
     vault write "auth/userpass/users/$vault_username" password="$password" policies="libops-user"
     vault write identity/entity name="$entity_name" metadata="email=$email" metadata="account_id=$account_id"
@@ -84,62 +88,63 @@ create_test_user "david.puddy@vandelay.com" "password123" "15" "entity-david.pud
 create_test_user "uncle.leo@vandelay.com" "password123" "16" "entity-uncle.leo@vandelay.com"
 create_test_user "noaccess@test.com" "password123" "17" "entity-noaccess@test.com"
 
-echo 'Creating API keys with format: libops_{keyUUID_no_dashes}_{accountUUID_no_dashes}...'
+echo 'Creating API keys with format: libops_{accountUUID_no_dashes}_{keyUUID_no_dashes}_{randomSecret}...'
 # Helper function to create API key in new format
 create_api_key() {
   local account_uuid=$1
   local key_uuid=$2
+  local random_secret=$3
   # Strip dashes and convert to lowercase for UUIDs
   local account_no_dashes=$(echo "$account_uuid" | tr -d '-' | tr '[:upper:]' '[:lower:]')
   local key_no_dashes=$(echo "$key_uuid" | tr -d '-' | tr '[:upper:]' '[:lower:]')
-  # Format: libops_{keyUUID}_{accountUUID}
-  local secret="libops_${key_no_dashes}_${account_no_dashes}"
-  # Store in Vault at keys/{secret} with the secret as the value
-  vault write keys/"$secret" secret="$secret"
-  echo "$secret"
+  # Format: libops_{accountUUID}_{keyUUID}_{randomSecret}
+  local full_key="libops_${account_no_dashes}_${key_no_dashes}_${random_secret}"
+  # Store in Vault at keys/{accountUUID}/{keyUUID} with the random secret as the value
+  vault write keys/"${account_no_dashes}/${key_no_dashes}" secret="$random_secret"
+  echo "$full_key"
 }
 
 # System Administrator Full
-ADMIN_FULL=$(create_api_key "01052d4d-93be-51a3-9684-c357297533cd" "075913e7-9328-5264-b684-6ae0163b8096")
+ADMIN_FULL=$(create_api_key "01052d4d-93be-51a3-9684-c357297533cd" "075913e7-9328-5264-b684-6ae0163b8096" "test_secret_admin_full")
 # Admin Limited
-ADMIN_LIMITED=$(create_api_key "01052d4d-93be-51a3-9684-c357297533cd" "d76a9ff9-334c-548d-8ba9-4063ddb96cf9")
+ADMIN_LIMITED=$(create_api_key "01052d4d-93be-51a3-9684-c357297533cd" "d76a9ff9-334c-548d-8ba9-4063ddb96cf9" "test_secret_admin_limited")
 # Art Vandelay Full
-ART_FULL=$(create_api_key "fdf35d32-bbb3-5ea3-abf2-410da575e169" "0f05b4b9-f40c-5ca8-9f39-04de42ae87e4")
+ART_FULL=$(create_api_key "fdf35d32-bbb3-5ea3-abf2-410da575e169" "0f05b4b9-f40c-5ca8-9f39-04de42ae87e4" "test_secret_art_full")
 # Art Limited
-ART_LIMITED=$(create_api_key "fdf35d32-bbb3-5ea3-abf2-410da575e169" "c1981101-4bbf-5f90-b38b-901c06fdaad6")
+ART_LIMITED=$(create_api_key "fdf35d32-bbb3-5ea3-abf2-410da575e169" "c1981101-4bbf-5f90-b38b-901c06fdaad6" "test_secret_art_limited")
 # Jerry Seinfeld Full
-JERRY_FULL=$(create_api_key "964b5eb0-2037-5263-883c-e939c6916d7d" "726186be-6ad8-5257-a1bd-2e4689db11d0")
+JERRY_FULL=$(create_api_key "964b5eb0-2037-5263-883c-e939c6916d7d" "726186be-6ad8-5257-a1bd-2e4689db11d0" "test_secret_jerry_full")
 # Elaine Benes Full
-ELAINE_FULL=$(create_api_key "863fb60a-8084-50fe-82ae-efa113231bef" "b3f360ca-7995-5db2-b88b-3e178cd7ae8a")
+ELAINE_FULL=$(create_api_key "863fb60a-8084-50fe-82ae-efa113231bef" "b3f360ca-7995-5db2-b88b-3e178cd7ae8a" "test_secret_elaine_full")
 # George Costanza Full
-GEORGE_FULL=$(create_api_key "d0bfd257-4572-5036-b5aa-038743be4715" "0c9522b7-2197-5d87-b010-ac1bc506f79a")
+GEORGE_FULL=$(create_api_key "d0bfd257-4572-5036-b5aa-038743be4715" "0c9522b7-2197-5d87-b010-ac1bc506f79a" "test_secret_george_full")
 # Cosmo Kramer Full
-KRAMER_FULL=$(create_api_key "516e3bb4-bfbe-5dda-9cc9-d0e00ce7b6f2" "94581ae6-23e3-5869-8770-db7cb74e5391")
+KRAMER_FULL=$(create_api_key "516e3bb4-bfbe-5dda-9cc9-d0e00ce7b6f2" "94581ae6-23e3-5869-8770-db7cb74e5391" "test_secret_kramer_full")
 # H.E. Pennypacker Full
-PENNYPACKER_FULL=$(create_api_key "42b6846e-501f-5153-9aca-210d8d84f946" "58c99883-c314-5c6e-bfa8-e072502e43bd")
+PENNYPACKER_FULL=$(create_api_key "42b6846e-501f-5153-9aca-210d8d84f946" "58c99883-c314-5c6e-bfa8-e072502e43bd" "test_secret_pennypacker_full")
 # Newman Full
-NEWMAN_FULL=$(create_api_key "e60f6db8-521a-5fc3-aacc-ceb3f50b6f7b" "3ccc3cc2-e5c0-530b-8f0a-6fb24cd8566b")
+NEWMAN_FULL=$(create_api_key "e60f6db8-521a-5fc3-aacc-ceb3f50b6f7b" "3ccc3cc2-e5c0-530b-8f0a-6fb24cd8566b" "test_secret_newman_full")
 # Bob Sacamano Full
-BOB_FULL=$(create_api_key "94656683-e366-58b8-a391-32e0c54ca37e" "63cd920a-7090-5e0e-b46d-840a933e2c70")
+BOB_FULL=$(create_api_key "94656683-e366-58b8-a391-32e0c54ca37e" "63cd920a-7090-5e0e-b46d-840a933e2c70" "test_secret_bob_full")
 # Bob Limited
-BOB_LIMITED=$(create_api_key "94656683-e366-58b8-a391-32e0c54ca37e" "7dd4d68f-85f4-5dbe-bed0-83e639a8fab2")
+BOB_LIMITED=$(create_api_key "94656683-e366-58b8-a391-32e0c54ca37e" "7dd4d68f-85f4-5dbe-bed0-83e639a8fab2" "test_secret_bob_limited")
 # Joe Davola Full
-JOE_FULL=$(create_api_key "0f439d32-e065-5a20-a08e-22dd6793948a" "890e0976-5b43-5ff8-a673-921a920e7c2a")
+JOE_FULL=$(create_api_key "0f439d32-e065-5a20-a08e-22dd6793948a" "890e0976-5b43-5ff8-a673-921a920e7c2a" "test_secret_joe_full")
 # Soup Nazi Full
-SOUP_FULL=$(create_api_key "ff2098bd-1a33-5db9-8069-37f2bf5bdba7" "43527224-d0f8-5344-803f-ec80f80ed0a0")
+SOUP_FULL=$(create_api_key "ff2098bd-1a33-5db9-8069-37f2bf5bdba7" "43527224-d0f8-5344-803f-ec80f80ed0a0" "test_secret_soup_full")
 # Soup Nazi Limited
-SOUP_LIMITED=$(create_api_key "ff2098bd-1a33-5db9-8069-37f2bf5bdba7" "b6b4b341-e1e5-5242-a33d-684e4da7ad07")
+SOUP_LIMITED=$(create_api_key "ff2098bd-1a33-5db9-8069-37f2bf5bdba7" "b6b4b341-e1e5-5242-a33d-684e4da7ad07" "test_secret_soup_limited")
 # Babu Bhatt Full
-BABU_FULL=$(create_api_key "a551424b-91ed-5636-a53b-cdb50660d4c9" "2032b348-86ae-5805-b08c-3c2cf065ef82")
+BABU_FULL=$(create_api_key "a551424b-91ed-5636-a53b-cdb50660d4c9" "2032b348-86ae-5805-b08c-3c2cf065ef82" "test_secret_babu_full")
 # Jackie Chiles Full
-JACKIE_FULL=$(create_api_key "af54b89e-5533-585a-b3b7-0003b7e6dcc2" "578e1fcf-b497-5bff-bbf4-436835457f73")
+JACKIE_FULL=$(create_api_key "af54b89e-5533-585a-b3b7-0003b7e6dcc2" "578e1fcf-b497-5bff-bbf4-436835457f73" "test_secret_jackie_full")
 # J. Peterman Full
-PETERMAN_FULL=$(create_api_key "dfe2b1a8-8000-5b67-88ad-881b036fa4f9" "2c3cfb5b-c994-54c9-9cb9-92321bd353cb")
+PETERMAN_FULL=$(create_api_key "dfe2b1a8-8000-5b67-88ad-881b036fa4f9" "2c3cfb5b-c994-54c9-9cb9-92321bd353cb" "test_secret_peterman_full")
 # David Puddy Full
-PUDDY_FULL=$(create_api_key "22f49023-8dfe-57c7-95db-dd0f8cae04a7" "eb181a1b-7dc9-53c2-9981-ba91a3ebf24a")
+PUDDY_FULL=$(create_api_key "22f49023-8dfe-57c7-95db-dd0f8cae04a7" "eb181a1b-7dc9-53c2-9981-ba91a3ebf24a" "test_secret_puddy_full")
 # Uncle Leo Full
-LEO_FULL=$(create_api_key "351fcf8b-d637-596c-be1e-8bdd90dbc4eb" "ce22e781-d2ad-5d7a-bccc-7dd122e791c8")
+LEO_FULL=$(create_api_key "351fcf8b-d637-596c-be1e-8bdd90dbc4eb" "ce22e781-d2ad-5d7a-bccc-7dd122e791c8" "test_secret_leo_full")
 # No Access User Full
-NO_ACCESS=$(create_api_key "e543554b-5af0-5d97-ac8f-09608bcfa7b8" "567df9dc-244e-561e-93c1-3082534eeec7")
+NO_ACCESS=$(create_api_key "e543554b-5af0-5d97-ac8f-09608bcfa7b8" "567df9dc-244e-561e-93c1-3082534eeec7" "test_secret_noaccess_full")
 
-echo 'Vault initialization complete!'
+echo 'Vault initialization complete!'

conf/init/docker-entrypoint.sh

@@ -72,7 +72,7 @@ vault write identity/oidc/client/libops-api \
 vault write identity/oidc/provider/libops-api \
   allowed_client_ids="*" \
   scopes="openid,email,profile" \
-  issuer_host="http://vault:8200"
+  issuer_host="http://vault.libops.io"
 
 # Create an OIDC role for token generation
 # This binds the key and template for direct token requests
@@ -104,6 +104,18 @@ for FILE in policies/*; do
   vault policy write "$ROLE" "policies/$FILE"
 done
 
+# Create production userpass users (matching seed data in conf/mariadb/seed.sql)
+# These correspond to the accounts seeded in the database
+echo "Creating production userpass users..."
+
+# joe@libops.io - Account ID 1, entity ID e0000000-0000-0000-0000-000000000001
+vault write auth/userpass/users/joe_libops.io password="ChangeMe123!" policies="libops-user"
+vault write identity/entity name="joe@libops.io" metadata="email=joe@libops.io" metadata="account_id=1"
+entity_id=$(vault read -field=id identity/entity/name/joe@libops.io)
+accessor=$(vault auth list | grep "^userpass/" | awk '{print $3}')
+vault write identity/entity-alias name="joe_libops.io" canonical_id="$entity_id" mount_accessor="$accessor"
+echo "Created user: joe_libops.io (entity: $entity_id)"
+
 echo "Vault initialization complete!"
 
 

conf/mariadb/seed.sql

@@ -14,9 +14,9 @@ SELECT
     UNHEX(REPLACE('10000000-0000-0000-0000-000000000001', '-', '')),
     'joe@libops.io',
     'Joe Corall',
-    'google',
+    'userpass',
     TRUE,
-    'e0000000-0000-0000-0000-000000000001',
+    NULL,
     NOW()
 FROM
     DUAL
@@ -30,7 +30,7 @@ SELECT
     'Joe Corall (external)',
     'google',
     TRUE,
-    'e0000000-0000-0000-0000-000000000002',
+    NULL,
     NOW()
 FROM
     DUAL

conf/traefik/config.tmpl conf/traefik/config.yamlconf/traefik/config.tmpl renamed to conf/traefik/config.yaml

@@ -1,42 +1,35 @@
 http:
   routers:
     docs-redirect:
-      rule: (Host(`dash.libops.io` || Host(`api.libops.io`)) && Path(`/`)
+      rule: (Header(`X-Forwarded-Host`, `dash.libops.io`) || Header(`X-Forwarded-Host`, `api.libops.io`)) && Path(`/`)
       entryPoints:
         - http
       priority: 99
-      service: api-docs-noop@internal
+      service: noop@internal
       middlewares:
         - docs-redirect
 
     api:
-      rule: Host(`api.libops.io`) && (PathPrefix(`/v1`) || PathPrefix(`/auth`))
+      rule: Host(`api.libops.io`) || Header(`X-Forwarded-Host`, `api.libops.io`) || Header(`X-Forwarded-Host`, `dash.libops.io`)
       entryPoints:
         - http
       priority: 90
       service: api
 
     vault:
-      rule: Host(`vault`) || (Host(`api.libops.io`) && (PathPrefix(`/ui/vault/identity/oidc/`) || PathPrefix(`/ui/assets/`) || PathPrefix(`/ui/sw-registration`)))
+      rule: Host(`vault.libops.io`) || Host(`vault`) || (Header(`X-Forwarded-Host`, `vault.libops.io`) && (PathPrefix(`/ui/vault/identity/oidc/`) || PathPrefix(`/ui/assets/`) || PathPrefix(`/ui/sw-registration`)))
       entryPoints:
         - http
       priority: 80
       service: vault
 
     docs:
-      rule: Host(`docs.libops.io`)
+      rule: Host(`docs.libops.io`) || Header(`X-Forwarded-Host`, `docs.libops.io`)
       entryPoints:
         - http
       priority: 10
       service: docs
 
-    dash:
-      rule: Host(`dash.libops.io`) && !PathPrefix(`/v1`) && !PathPrefix(`/auth`)
-      entryPoints:
-        - http
-      priority: 10
-      service: api
-
   middlewares:
     docs-redirect:
       redirectRegex:

conf/vault/server.hcl

@@ -2,7 +2,7 @@ default_max_request_duration = "90s"
 disable_clustering           = true
 disable_mlock                = true
 ui                           = true
-api_addr                     = "http://vault:8200"
+api_addr                     = "http://vault.libops.io"
 
 listener "tcp" {
   address     = "0.0.0.0:8200"