unkin/terraform-vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7814551084
terraform-vault/auth_approle_tf_vault.tf
Ben Vincent cbee19b5f9 feat: move k8s secrets into vault 
- update kubernetes_host to match value in jwt
- regenerate jwt token and store in vault
- add policy to enable access to jwt token
- update tf_deploy user with access to token
2025-11-16 12:42:18 +11:00

32 lines
940 B
HCL
Raw Blame History

resource "vault_approle_auth_backend_role" "tf_vault" {
role_name = "tf_vault"
bind_secret_id = false
token_policies = [
"default_access",
"auth/token/auth_token_create",
"auth/token/auth_token_self",
"auth/token/auth_token_roles_admin",
"auth/approle/approle_role_admin",
"auth/approle/approle_role_login",
"approle_token_create",
"auth/kubernetes/k8s_auth_admin",
"k8s/k8s_pki_roles_admin",
"auth/ldap/ldap_admin",
"pki_int/pki_int_roles_admin",
"pki_root/pki_root_roles_admin",
"ssh-host-signer/ssh-host-signer_roles_admin",
"sshca/sshca_roles_admin",
"kv/service/glauth/services/svc_vault_read",
"sys/sys_auth_admin",
"sys/sys_mounts_admin",
"sys/sys_policy_admin",
"transit/keys/admin",
"kv/service/kubernetes/au/syd1/token_reviewer_jwt/read",
]
token_ttl = 60
token_max_ttl = 120
token_bound_cidrs = [
"10.10.12.200/32",
]
}
Reference in New Issue View Git Blame Copy Permalink