unkin/terraform-vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
90 Commits 1 Branch 0 Tags 196 KiB
master
Commit Graph

27 Commits

Author SHA1 Message Date
Ben Vincent
56d858f900 feat: add prowlarr access 
- enable kubernetes access to prowlarr secrets
 2026-01-04 23:36:43 +11:00
Ben Vincent
4f185d5e28 feat: add policy to read terraform vars 
- read variables required for terraform-repoflow
 2025-12-13 10:56:58 +11:00
Ben Vincent
65ad53e24c Merge pull request 'feat: add repoflow service vault configuration' (#39) from benvin/repoflow into master 
Reviewed-on: #39
 2025-12-13 10:13:33 +11:00
Ben Vincent
9814b8fc1a feat: add repoflow tokens 
- add approle for terraform-repoflow
- add policies to access repoflow tokens
 2025-12-13 10:09:29 +11:00
Ben Vincent
7b81abfa9e feat: add repoflow service vault configuration 
- add secrets for s3, elasticsearch, hasura, postgres and repoflow
 2025-12-13 09:20:58 +11:00
Ben Vincent
5afd1ad9c1 feat: add rpmbuilder approle 
- add rpmbuilder approle
- add policies to acces gitea/github read-only tokens
 2025-11-29 18:00:20 +11:00
Ben Vincent
6624f7aed1 feat: add kubernetes secrets engine with RBAC roles for au-syd1 cluster 
- Add Kubernetes secrets engine at kubernetes/au/syd1 path
  - Create four RBAC roles with external YAML configuration:
    * media-apps-operator: namespaced role for media-apps with selective permissions
    * cluster-operator: cluster-wide read-only access to specific API groups
    * cluster-admin: cluster-wide full access to specific API groups
    * cluster-root: cluster-wide superuser access to all resources
  - Add Vault policies for credential generation for each role
  - Add admin policies for kubernetes auth backend configuration and role management
  - Refactor kubernetes auth backend to use shared locals for CA certificate
  - Update terraform-vault approle with required kubernetes policies
 2025-11-27 23:22:13 +11:00
Ben Vincent
b9deb02cfb chore: remove k8s pki policy 
- k8s pki engine was removed some time ago
- also cleanup policy files
 2025-11-27 20:42:27 +11:00
Ben Vincent
6353ac6bbc feat: add media-apps integration with vault 
- add kubernetes auth role for media-apps
- add policies to read radarr/sonarr secrets
 2025-11-27 20:40:54 +11:00
Ben Vincent
4cf1b43960 chore: update k8s csi roles 
- ensure the new service accounts can read cephrbd/cephfs
- ensure correct namespace is allowed
 2025-11-26 21:01:31 +11:00
Ben Vincent
7814551084 feat: manage k8s auth role integration 
- add policies to sign/issue certificates
- manage auth roles for ceph-csi, certmanager, externaldns, huntarr
 2025-11-22 23:21:43 +11:00
Ben Vincent
5cbd5815a0 chore: format policy files 
- ensure all policy files are correctly formatted
 2025-11-16 13:35:10 +11:00
Ben Vincent
cbee19b5f9 feat: move k8s secrets into vault 
- update kubernetes_host to match value in jwt
- regenerate jwt token and store in vault
- add policy to enable access to jwt token
- update tf_deploy user with access to token
 2025-11-16 12:42:18 +11:00
Ben Vincent
85d81fef72 feat: add transit engine 
- add transit engine
- add policies to manage keys, encryption and decryption
- add ability to create keys to tf_vault approle
 2025-11-15 15:55:51 +11:00
Ben Vincent
bc9b4eebdc feat: add kubernetes auth engine 
- add kubernetes authentication
- add policy to manage kubernetes auth engine roles/config
 2025-11-15 10:50:17 +11:00
Ben Vincent
d508dcd4a9 feat: enable access to puppetcerts 
- enable the terraform-incus repo to access puppet certs
 2025-04-27 16:26:05 +10:00
Ben Vincent
05268f9dd8 feat: enable access to kv/service/packer/builder/docker-incus-client 2025-04-23 18:24:36 +10:00
Ben Vincent
8bc67e1e5b feat: add terraform-incus approle/policy 2025-04-07 16:22:41 +10:00
Ben Vincent
275b640adc feat: add packer-builder policy 2025-04-07 16:22:22 +10:00
Ben Vincent
9b9afdce58 feat: add pki for k8s 
- add pki for k8s
- add policy to manage k8s/*/roles/*
 2025-01-27 21:05:51 +11:00
Ben Vincent
2d345cc63b fix: fix rolename 
- had duplicate role
- change policy name to match approle
- updated ttl as packer builds can take some time
 2025-01-11 21:32:33 +11:00
Ben Vincent
f83ba13158 feat: add packer-builder role 
- limit access to workstation and gitea runners
 2025-01-11 21:01:17 +11:00
Ben Vincent
12e04b3db7 feat: add incus-cluster role/policies 
- add policy and role to manage incus cluster join tokens
 2025-01-06 23:16:06 +11:00
Ben Vincent
fc22ac1711 feat: add terraform_nomad role 
- add approle and policy for nomad terraform
 2024-12-28 17:14:14 +11:00
Ben Vincent
63dd355311 feat: add puppetapi approle/policy 2024-12-15 17:07:01 +11:00
Ben Vincent
f78416361b feat: manage terraform access to vault 
- add approle for terraform, tf_vault
- add policices to manage terraform access to vault
- add policices for default access to vault from ldap users
 2024-09-26 22:59:40 +10:00
Ben Vincent
14790f8277 feat: import current status 
- import pki, ssh, kv, rundeck engines
- deploy all roles from terraform
- deploy all policies from terraform
- deploy all approles from terraform
 2024-09-23 22:01:18 +10:00