fix: skip_child_token on vault provider
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was canceled

The CI VAULT_TOKEN (short-lived k8s-auth role token) can't create child
tokens, so the vault provider failed with 'failed to create limited child
token: permission denied'. Use the token directly.
This commit is contained in:
2026-07-06 23:43:16 +10:00
parent d96d36a079
commit 93742883a5
+5 -2
View File
@@ -8,8 +8,11 @@ provider "authentik" {
} }
# Reads client secrets seeded in Vault (kv-v2). Auth via VAULT_ADDR + VAULT_TOKEN # Reads client secrets seeded in Vault (kv-v2). Auth via VAULT_ADDR + VAULT_TOKEN
# from the environment (set by the Makefile vault_env helper). # from the environment (set by the Makefile vault_env helper). skip_child_token
provider "vault" {} # is required because the short-lived CI token cannot create child tokens.
provider "vault" {
skip_child_token = true
}
variable "authentik_token" { variable "authentik_token" {
type = string type = string