Make gpg_secret_backend mount-only; plugin import split out
Plugin catalog registration now lives in its own module + config/plugins (see the split-out PR), so this module no longer registers the plugin. - Drop the vault_plugin resource and the sha256/command inputs; the mount now references the already-registered plugin type directly. - Simplify config/gpg_secret_backend/gpg.yaml to just the mount description.
This commit is contained in:
@@ -316,11 +316,9 @@ variable "litellm_secret_backend_role" {
|
||||
}
|
||||
|
||||
variable "gpg_secret_backend" {
|
||||
description = "Map of GPG/OpenPGP secret engines to register + mount (path => plugin sha256 + config)"
|
||||
description = "Map of GPG/OpenPGP secret engines to mount (path => registered plugin + description). The plugin is registered separately via config/plugins."
|
||||
type = map(object({
|
||||
plugin = optional(string, "vault-plugin-secrets-gpg")
|
||||
command = optional(string, "vault-plugin-secrets-gpg")
|
||||
sha256 = string
|
||||
description = optional(string)
|
||||
}))
|
||||
default = {}
|
||||
|
||||
Reference in New Issue
Block a user