--- a/opt/netbox/netbox/netbox/configuration.py 2021-07-11 22:24:55.365668931 +0000 +++ b/opt/netbox/netbox/netbox/configuration.py 2021-07-11 22:28:09.665982854 +0000 @@ -4,21 +4,35 @@ # # ######################### +import os +from django.contrib.vault_client import SimpleVaultClient + + +def _is_affirmative(value): + value = "" if not value else value + return value.lower() in ["yes", "true", "on", "1"] + + # This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write # access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name. # # Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local'] -ALLOWED_HOSTS = [] +ALLOWED_HOSTS = ['*'] # PostgreSQL database configuration. See the Django documentation for a complete list of available parameters: # https://docs.djangoproject.com/en/stable/ref/settings/#databases +port = os.getenv("NETBOX_DB_PORT") DATABASE = { - 'NAME': 'netbox', # Database name - 'USER': '', # PostgreSQL username - 'PASSWORD': '', # PostgreSQL password - 'HOST': 'localhost', # Database server - 'PORT': '', # Database port (leave blank for default) - 'CONN_MAX_AGE': 300, # Max database connection age + 'NAME': os.getenv("NETBOX_DB_NAME"), + 'HOST': os.getenv("NETBOX_DB_HOST"), + 'PORT': int(port) if port else "", + 'CONN_MAX_AGE': 300, + "VAULT_SKIP_VERIFY": os.getenv("VAULT_SKIP_VERIFY"), + "VAULT_ADDR": os.getenv("VAULT_ADDR"), + "VAULT_TOKEN": os.getenv("VAULT_TOKEN"), + "VAULT_DB_ROLE_NAME": os.getenv("VAULT_DB_ROLE_NAME"), + "VAULT_ROLE_ID": os.getenv("VAULT_ROLE_ID"), + "VAULT_SECRET_ID": os.getenv("VAULT_SECRET_ID"), } # Redis database settings. Redis is used for caching and for queuing background tasks such as webhook events. A separate 
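Review bot: `ALLOWED_HOSTS = ['*']` turns off Django's Host-header validation, so whatever Host value a client sends is accepted and can end up in absolute URLs the application builds. Unless a front-end proxy is guaranteed to reject unknown hosts, the list should come from deployment configuration like the other settings in this hunk, e.g. `ALLOWED_HOSTS = os.getenv("NETBOX_ALLOWED_HOSTS", "").split()` (the variable name is a suggestion, not one the patch defines). Also in this hunk, `"VAULT_SKIP_VERIFY": os.getenv("VAULT_SKIP_VERIFY")` stores the raw string in `DATABASE`, while the `SimpleVaultClient` call later in the patch runs it through `_is_affirmative`. The code that consumes `DATABASE` is not shown, but if it tests that value for truthiness, `VAULT_SKIP_VERIFY=false` would disable certificate verification, so pass `_is_affirmative(os.getenv("VAULT_SKIP_VERIFY"))` here as well.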
@@ -26,26 +40,26 @@ # to use two separate database IDs. REDIS = { 'tasks': { - 'HOST': 'localhost', + 'HOST': os.getenv("NETBOX_REDIS_HOST"), 'PORT': 6379, # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel # 'SENTINELS': [('mysentinel.redis.example.com', 6379)], # 'SENTINEL_SERVICE': 'netbox', 'PASSWORD': '', - 'DATABASE': 0, + 'DATABASE': int(os.getenv("NETBOX_REDIS_TASK_DB")), 'SSL': False, # Set this to True to skip TLS certificate verification # This can expose the connection to attacks, be careful # 'INSECURE_SKIP_TLS_VERIFY': False, }, 'caching': { - 'HOST': 'localhost', + 'HOST': os.getenv("NETBOX_REDIS_HOST"), 'PORT': 6379, # Comment out `HOST` and `PORT` lines and uncomment the following if using Redis Sentinel # 'SENTINELS': [('mysentinel.redis.example.com', 6379)], # 'SENTINEL_SERVICE': 'netbox', 'PASSWORD': '', - 'DATABASE': 1, + 'DATABASE': int(os.getenv("NETBOX_REDIS_CACHE_DB")), 'SSL': False, # Set this to True to skip TLS certificate verification # This can expose the connection to attacks, be careful @@ -57,7 +71,14 @@ # For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and # symbols. NetBox will not run without this defined. For more information, see # https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-SECRET_KEY -SECRET_KEY = '' +vc = SimpleVaultClient( + os.getenv("VAULT_ADDR"), + os.getenv("VAULT_ROLE_ID"), + os.getenv("VAULT_SECRET_ID"), + ssl_verify=not _is_affirmative(os.getenv("VAULT_SKIP_VERIFY")) +) +SECRET_KEY = vc.get_kv_secret(os.getenv("NETBOX_VAULT_SECRET_NAME"), "key") +del vc #########################
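Review bot: `'DATABASE': int(os.getenv("NETBOX_REDIS_TASK_DB"))` and the matching `NETBOX_REDIS_CACHE_DB` line raise `TypeError` when the settings module is loaded with the variable unset, because `int(None)` is invalid, and the patch drops the previous defaults. Keeping them as fallbacks avoids that: `int(os.getenv("NETBOX_REDIS_TASK_DB", "0"))` and `int(os.getenv("NETBOX_REDIS_CACHE_DB", "1"))`. `HOST` likewise becomes `None` when `NETBOX_REDIS_HOST` is missing. Since the host is no longer fixed to `localhost`, the unchanged `'PASSWORD': ''` and `'SSL': False` context lines presumably now describe an unauthenticated, unencrypted connection across the network. Those two settings deserve the same environment- or Vault-sourced treatment.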
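Review bot: With `VAULT_SKIP_VERIFY` set, `ssl_verify=not _is_affirmative(...)` disables certificate checking on the connection that carries the AppRole role ID and secret ID and returns `SECRET_KEY`, so a party able to intercept that connection could read all three. If the switch exists to accommodate a private CA, trusting that CA is the safer route; otherwise a comment above the call such as `# VAULT_SKIP_VERIFY is for local testing only; never set it in production` would make the risk visible. The value from `vc.get_kv_secret(...)` is also assigned unchecked. `SimpleVaultClient` is not shown here, so if it can return `None` or an empty string for a missing key, a guard like `if not SECRET_KEY: raise RuntimeError("SECRET_KEY not found in Vault")` would make startup fail clearly.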