feat: add vault policy for terraform-git webhook secrets #75

Merged
benvin merged 3 commits from feat/terraform-git-webhook-secrets into master 2026-06-08 22:56:30 +10:00
Owner

Summary

  • Add read policy for kv/data/service/gitea/webhook/* path
  • Assigned to terraform_git approle and woodpecker_terraform_git k8s auth role
  • Webhook URLs are stored in Vault KV and read at plan/apply time

Test plan

  • Verify terragrunt plan succeeds for terraform-git after merge
## Summary - Add read policy for kv/data/service/gitea/webhook/* path - Assigned to terraform_git approle and woodpecker_terraform_git k8s auth role - Webhook URLs are stored in Vault KV and read at plan/apply time ## Test plan - [ ] Verify terragrunt plan succeeds for terraform-git after merge
unkinben added 1 commit 2026-06-08 16:12:13 +10:00
feat: add vault policy for terraform-git webhook secrets
ci/woodpecker/pr/plan Pipeline failed
ci/woodpecker/pr/pre-commit Pipeline failed
132e5ea4d9
Allow terraform-git to read webhook URLs stored in
kv/data/service/gitea/webhook/* via approle and k8s auth.
unkinben added 1 commit 2026-06-08 16:17:32 +10:00
feat: replace webhook secrets policy with woodpecker token policy
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
12680f93cd
Webhook URLs are now managed by the Woodpecker terraform provider
instead of being stored in Vault. Add read policy for the Woodpecker
API token at kv/data/service/woodpecker/tokens/terraform-git.
unkinben added 1 commit 2026-06-08 19:08:14 +10:00
fix: use gitadmin woodpecker token path
ci/woodpecker/pr/pre-commit Pipeline was successful
ci/woodpecker/pr/plan Pipeline was successful
a29ff9fe6a
benvin merged commit bb5f6922fa into master 2026-06-08 22:56:30 +10:00
benvin deleted branch feat/terraform-git-webhook-secrets 2026-06-08 22:56:31 +10:00
Sign in to join this conversation.
No Reviewers
No Label
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: unkin/terraform-vault#75