a-nldisr/vault.service

## vault.service
[Unit]
Description=vault server
Documentation=https://vaultproject.io/docs/
After=network.target
ConditionFileNotEmpty=/etc/vault/vault-config.hcl

[Service]
User=vault
Group=vault
PrivateDevices=yes
PrivateTmp=yes
ProtectSystem=full
ProtectHome=read-only
SecureBits=keep-caps
Capabilities=CAP_IPC_LOCK+ep
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
NoNewPrivileges=yes
TimeoutStopSec=30s
Restart=on-failure
StartLimitInterval=60s
StartLimitBurst=3
EnvironmentFile=-/etc/sysconfig/vault
Restart=on-failure
ExecStart=/usr/local/sbin/vault server $OPTIONS -config=/etc/vault/vault-config.hcl
ExecStop=/usr/local/bin/vault step-down

[Install]
WantedBy=multi-user.target
	[Unit]
	Description=vault server
	Documentation=https://vaultproject.io/docs/
	After=network.target
	ConditionFileNotEmpty=/etc/vault/vault-config.hcl

	[Service]
	User=vault
	Group=vault
	PrivateDevices=yes
	PrivateTmp=yes
	ProtectSystem=full
	ProtectHome=read-only
	SecureBits=keep-caps
	Capabilities=CAP_IPC_LOCK+ep
	CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
	NoNewPrivileges=yes
	TimeoutStopSec=30s
	Restart=on-failure
	StartLimitInterval=60s
	StartLimitBurst=3
	EnvironmentFile=-/etc/sysconfig/vault
	Restart=on-failure
	ExecStart=/usr/local/sbin/vault server $OPTIONS -config=/etc/vault/vault-config.hcl
	ExecStop=/usr/local/bin/vault step-down

	[Install]
	WantedBy=multi-user.target