feat: add vault policy for terraform-git webhook secrets
Allow terraform-git to read webhook URLs stored in kv/data/service/gitea/webhook/* via approle and k8s auth.
This commit is contained in:
@@ -0,0 +1,11 @@
|
|||||||
|
---
|
||||||
|
rules:
|
||||||
|
- path: "kv/data/service/gitea/webhook/*"
|
||||||
|
capabilities:
|
||||||
|
- read
|
||||||
|
|
||||||
|
auth:
|
||||||
|
approle:
|
||||||
|
- terraform_git
|
||||||
|
k8s/au/syd1:
|
||||||
|
- woodpecker_terraform_git
|
||||||
Reference in New Issue
Block a user