services:
  ca:
    image: "smallstep/step-ca:<%= @step_ca_version %>"
    volumes:
      - /opt/step-ca/data:/home/step
      - /opt/step-ca/init/secrets:/init-secrets
    environment:
      - DOCKER_STEPCA_INIT_NAME=sunet-cdn-ca
      - DOCKER_STEPCA_INIT_DNS_NAMES=localhost,<%= @networking['fqdn'] %>
      - DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT=true
      - DOCKER_STEPCA_INIT_PASSWORD_FILE=/init-secrets/key-password