Compare commits


No commits in common. "8e1d242dbad82b0499c8c0656ef76a501d53835a" and "59b7b01c236ce44421ff501e9e03da4beda80e68" have entirely different histories.

6 changed files with 1 additions and 34 deletions


@ -15,12 +15,11 @@ resource "vault_approle_auth_backend_role" "tf_vault" {
"pki_int/pki_int_roles_admin",
"pki_root/pki_root_roles_admin",
"ssh-host-signer/ssh-host-signer_roles_admin",
"sshca/sshca_roles_admin",
"sshca_roles_admin",
"kv/service/glauth/services/svc_vault_read",
"sys/sys_auth_admin",
"sys/sys_mounts_admin",
"sys/sys_policy_admin",
"transit/keys/admin",
]
token_ttl = 60
token_max_ttl = 120
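Review bot: Of the two adjacent sshca entries, `"sshca/sshca_roles_admin"` and `"sshca_roles_admin"`, the rendered page does not show which is the added line and which the removed one, so the name that survives should be checked against the policy actually defined under `policies/sshca` in the locals list (the mount-prefixed form matches the neighbouring `pki_int/...` and `ssh-host-signer/...` entries). Vault accepts unknown policy names on a role's policy list (presumably `token_policies` here), so a mismatch would not fail `terraform apply`; the AppRole token would simply be issued without those capabilities and the problem would surface later as a permission denied on sshca paths. The removal of `"transit/keys/admin"` is presumably the second deletion in this hunk, consistent with the transit mount, key and policies deleted in the other sections of this compare. The `vault_approle_auth_backend_role "tf_vault"` block begins before line 15 and its closing brace is outside the hunk.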


@ -1,13 +0,0 @@
resource "vault_mount" "transit" {
path = "transit"
type = "transit"
description = "Transit Engine"
default_lease_ttl_seconds = 3600
max_lease_ttl_seconds = 86400
}
resource "vault_transit_secret_backend_key" "key" {
backend = vault_mount.transit.path
name = "au-syd1-k8s-vso"
type = "aes256-gcm96"
}


@ -13,9 +13,6 @@ locals {
"policies/rundeck",
"policies/ssh-host-signer",
"policies/sshca",
"policies/transit/decrypt",
"policies/transit/encrypt",
"policies/transit/keys",
"policies/kv/service/glauth/services",
"policies/kv/service/incus",
"policies/kv/service/packer",


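--- a/PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,4 +0,0 @@
-# Allow decryption with the au-syd1-k8s-vso key
-path "transit/decrypt/au-syd1-k8s-vso" {
-capabilities = ["create", "update"]
-}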


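--- a/PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,4 +0,0 @@
-# Allow encryption with the au-syd1-k8s-vso key
-path "transit/encrypt/au-syd1-k8s-vso" {
-capabilities = ["create", "update"]
-}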


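--- a/PATH_NOT_SHOWN_ON_PAGE
+++ /dev/null
@@ -1,8 +0,0 @@
-# Allow management of keys (create, update, delete, list, and read)
-path "transit/keys/*" {
-capabilities = ["create", "update", "delete", "read", "list"]
-}
-# Allow listing of available keys
-path "transit/keys" {
-capabilities = ["read", "list"]
-}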