Make gpg_secret_backend mount-only; plugin import split out
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful

Plugin catalog registration now lives in its own module + config/plugins (see
the split-out PR), so this module no longer registers the plugin.

- Drop the vault_plugin resource and the sha256/command inputs; the mount now
  references the already-registered plugin type directly.
- Simplify config/gpg_secret_backend/gpg.yaml to just the mount description.
This commit is contained in:
2026-07-17 23:00:21 +10:00
parent e90070b9a0
commit ea8daea587
5 changed files with 8 additions and 40 deletions
+1 -3
View File
@@ -316,11 +316,9 @@ variable "litellm_secret_backend_role" {
}
variable "gpg_secret_backend" {
description = "Map of GPG/OpenPGP secret engines to register + mount (path => plugin sha256 + config)"
description = "Map of GPG/OpenPGP secret engines to mount (path => registered plugin + description). The plugin is registered separately via config/plugins."
type = map(object({
plugin = optional(string, "vault-plugin-secrets-gpg")
command = optional(string, "vault-plugin-secrets-gpg")
sha256 = string
description = optional(string)
}))
default = {}