feat: add vault policy for terraform-git webhook secrets
ci/woodpecker/pr/plan Pipeline failed
ci/woodpecker/pr/pre-commit Pipeline failed

Allow terraform-git to read webhook URLs stored in
kv/data/service/gitea/webhook/* via approle and k8s auth.
This commit is contained in:
2026-06-08 16:11:58 +10:00
parent 346cf9fa43
commit 132e5ea4d9
+11
View File
@@ -0,0 +1,11 @@
---
rules:
- path: "kv/data/service/gitea/webhook/*"
capabilities:
- read
auth:
approle:
- terraform_git
k8s/au/syd1:
- woodpecker_terraform_git