Add auth and state access for terraform-authentik (#78)
ci/woodpecker/push/apply Pipeline was successful

## Summary
- K8s auth role for Woodpecker CI (`terraform-authentik` SA in `woodpecker` namespace)
- AppRole for local terraform runs
- Consul secret backend role (`terraform-authentik`, TTL 120/300)
- Consul ACL policy for `infra/terraform/authentik/` key prefix
- Vault policy granting both auth methods access to Consul creds

Reviewed-on: #78
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
This commit was merged in pull request #78.
This commit is contained in:
2026-06-28 01:17:51 +10:00
committed by BenVincent
parent be9bd96cf3
commit c33dcdc447
5 changed files with 39 additions and 0 deletions
@@ -0,0 +1,7 @@
key_prefix "infra/terraform/authentik/" {
policy = "write"
}
session_prefix "" {
policy = "write"
}