unkin/terraform-vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
85d81fef72
terraform-vault/auth_approle_tf_vault.tf
Ben Vincent 85d81fef72 feat: add transit engine 
- add transit engine
- add policies to manage keys, encryption and decryption
- add ability to create keys to tf_vault approle
2025-11-15 15:55:51 +11:00

31 lines
879 B
HCL
Raw Blame History

resource "vault_approle_auth_backend_role" "tf_vault" {
role_name = "tf_vault"
bind_secret_id = false
token_policies = [
"default_access",
"auth/token/auth_token_create",
"auth/token/auth_token_self",
"auth/token/auth_token_roles_admin",
"auth/approle/approle_role_admin",
"auth/approle/approle_role_login",
"approle_token_create",
"auth/kubernetes/k8s_auth_admin",
"k8s/k8s_pki_roles_admin",
"auth/ldap/ldap_admin",
"pki_int/pki_int_roles_admin",
"pki_root/pki_root_roles_admin",
"ssh-host-signer/ssh-host-signer_roles_admin",
"sshca/sshca_roles_admin",
"kv/service/glauth/services/svc_vault_read",
"sys/sys_auth_admin",
"sys/sys_mounts_admin",
"sys/sys_policy_admin",
"transit/keys/admin",
]
token_ttl = 60
token_max_ttl = 120
token_bound_cidrs = [
"10.10.12.200/32",
]
}
Reference in New Issue View Git Blame Copy Permalink