unkin/terraform-vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'feat: add tf_vault required policies' (#47) from benvin/tf-vault-policy-updates into master

Browse Source 
Reviewed-on: #47
This commit is contained in:
Ben Vincent 2026-02-14 18:41:33 +11:00
commit 66ee6430fa
12 changed files with 159 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
policies/consul_root/au/syd1/config/admin.yaml Normal file
View File

@ -0,0 +1,14 @@
# Allow access to configure consul secret backend
---
rules:
- path: "consul_root/au/syd1/config/*"
capabilities:
- create
- update
- delete
- read
- list
auth:
approle:
- tf_vault

14
policies/consul_root/au/syd1/roles/admin.yaml Normal file
View File

@ -0,0 +1,14 @@
# Allow access to manage consul secret backend roles
---
rules:
- path: "consul_root/au/syd1/roles/*"
capabilities:
- create
- update
- delete
- read
- list
auth:
approle:
- tf_vault

14
policies/kv/config/admin.yaml Normal file
View File

@ -0,0 +1,14 @@
# Allow access to configure KV secret backend
---
rules:
- path: "kv/config"
capabilities:
- create
- update
- delete
- read
- list
auth:
approle:
- tf_vault

14
policies/pki/au/syd1/config/admin.yaml Normal file
View File

@ -0,0 +1,14 @@
# Allow access to configure pki/au/syd1 secret backend
---
rules:
- path: "pki/au/syd1/config/*"
capabilities:
- create
- update
- delete
- read
- list
auth:
approle:
- tf_vault

11
policies/pki/au/syd1/issuer/admin.yaml Normal file
View File

@ -0,0 +1,11 @@
# Allow access to read pki/au/syd1 issuers
---
rules:
- path: "pki/au/syd1/issuer/*"
capabilities:
- read
- list
auth:
approle:
- tf_vault

14
policies/pki_int/config/admin.yaml Normal file
View File

@ -0,0 +1,14 @@
# Allow access to configure pki_int secret backend
---
rules:
- path: "pki_int/config/*"
capabilities:
- create
- update
- delete
- read
- list
auth:
approle:
- tf_vault

11
policies/pki_int/issuer/admin.yaml Normal file
View File

@ -0,0 +1,11 @@
# Allow access to read pki_int issuers
---
rules:
- path: "pki_int/issuer/*"
capabilities:
- read
- list
auth:
approle:
- tf_vault

14
policies/pki_root/config/admin.yaml Normal file
View File

@ -0,0 +1,14 @@
# Allow access to configure pki_root secret backend
---
rules:
- path: "pki_root/config/*"
capabilities:
- create
- update
- delete
- read
- list
auth:
approle:
- tf_vault

11
policies/pki_root/issuer/admin.yaml Normal file
View File

@ -0,0 +1,11 @@
# Allow access to read pki_root issuers
---
rules:
- path: "pki_root/issuer/*"
capabilities:
- read
- list
auth:
approle:
- tf_vault

14
policies/pki_root/roles/admin.yaml Normal file
View File

@ -0,0 +1,14 @@
# Allow access to manage pki_root secret backend roles
---
rules:
- path: "pki_root/roles/*"
capabilities:
- create
- update
- delete
- read
- list
auth:
approle:
- tf_vault

14
policies/rundeck/config/admin.yaml Normal file
View File

@ -0,0 +1,14 @@
# Allow access to configure rundeck KV secret backend
---
rules:
- path: "rundeck/config"
capabilities:
- create
- update
- delete
- read
- list
auth:
approle:
- tf_vault

14
policies/sshca/config/admin.yaml Normal file
View File

@ -0,0 +1,14 @@
# Allow access to configure SSH CA secret backend
---
rules:
- path: "sshca/config/*"
capabilities:
- create
- update
- delete
- read
- list
auth:
approle:
- tf_vault