feat: manage terraform access to vault
- add approle for terraform, tf_vault - add policices to manage terraform access to vault - add policices for default access to vault from ldap users
This commit is contained in:
@@ -0,0 +1,4 @@
|
||||
# Allow reading audit logs related to secret engines
|
||||
path "sys/audit" {
|
||||
capabilities = ["read", "list"]
|
||||
}
|
||||
@@ -0,0 +1,4 @@
|
||||
# Allow creating and management of authentication backends (AppRole, LDAP, etc.)
|
||||
path "sys/auth/*" {
|
||||
capabilities = ["create", "update", "delete", "read", "list"]
|
||||
}
|
||||
@@ -0,0 +1,14 @@
|
||||
# Allow access to manage secret engines (mount, unmount, update)
|
||||
path "sys/mounts/*" {
|
||||
capabilities = ["create", "update", "delete", "read", "list"]
|
||||
}
|
||||
|
||||
# Allow tuning existing secret engines
|
||||
path "sys/mounts-tune/*" {
|
||||
capabilities = ["update", "read"]
|
||||
}
|
||||
|
||||
# Allow reaing and listing of enabled secret engines
|
||||
path "sys/mounts" {
|
||||
capabilities = ["read", "list"]
|
||||
}
|
||||
@@ -0,0 +1,9 @@
|
||||
# Allow management of policies (create, update, delete, list, and read)
|
||||
path "sys/policies/acl/*" {
|
||||
capabilities = ["create", "update", "delete", "read", "list"]
|
||||
}
|
||||
|
||||
# Allow listing of available policies
|
||||
path "sys/policies/acl" {
|
||||
capabilities = ["read", "list"]
|
||||
}
|
||||
Reference in New Issue
Block a user