provider "vault" {
  # Configuration via VAULT_ADDR and VAULT_TOKEN env vars
}

provider "proxmox" {
  pm_tls_insecure     = true
  pm_api_url          = var.proxmox_api_url
  
  # Logic: If use_vault is true, verify vault data exists, otherwise use vars
  pm_api_token_id     = var.use_vault ? data.vault_generic_secret.proxmox[0].data["api_token_id"] : var.proxmox_api_token_id
  pm_api_token_secret = var.use_vault ? data.vault_generic_secret.proxmox[0].data["api_token_secret"] : var.proxmox_api_token_secret
}

provider "opnsense" {
  uri            = var.use_vault ? data.vault_generic_secret.opnsense[0].data["uri"] : var.opnsense_uri
  allow_insecure = true
  
  api_key    = var.use_vault ? data.vault_generic_secret.opnsense[0].data["api_key"] : var.opnsense_api_key
  api_secret = var.use_vault ? data.vault_generic_secret.opnsense[0].data["api_secret"] : var.opnsense_api_secret
}