# Allow cert-manager to issue and manage certificates
# used by the puppet autossl role
---
rules:
  - path: "pki/au/syd1/issue/*"
    capabilities:
      - create
      - update
      - read
  - path: "pki/au/syd1/renew/*"
    capabilities:
      - update
  - path: "pki/au/syd1/cert/*"
    capabilities:
      - read

auth:
  approle:
    - certmanager