unkinben e01deb13d6
ci/woodpecker/pr/plan Pipeline was successful
ci/woodpecker/pr/pre-commit Pipeline was successful
policies: let terraform-authentik read oauth client secrets from kv
The terraform-authentik module now reads OAuth2 client secrets from Vault
(data.vault_kv_secret_v2) instead of committing them, but the
terraform_authentik approle / woodpecker_terraform_authentik k8s role only
had the consul creds policy, so plan failed with permission denied.

Grant read on kv/data/kubernetes/namespace/+/default/oauth-credentials so
the runner can read the client secret for any namespace's OIDC provider
(e.g. grafana).
2026-07-06 22:20:40 +10:00
2024-09-09 22:57:00 +10:00
2026-05-21 23:52:30 +10:00
2024-09-23 22:01:18 +10:00

terraform-vault

A repository to manage the configuration of Vault secret engines, authentication modes and policies.

Usage

  1. Initialize Terraform

Once you have your backend block configured, you need to initialize your Terraform working directory to configure the backend:

terraform init

This command initializes the backend and checks the connection to Consul. If everything is set up correctly, Terraform will start using Consul as its backend for storing the state.

  1. Common terraform init Errors

If you encounter errors while running terraform init, check the following:

Consul server is reachable: Make sure that the address is correct and that you can connect to the Consul server.
Consul token (if using ACLs): Verify that the token has the correct permissions to write to the specified path in the Consul KV store.
  1. Example Consul KV Structure

In Consul, the state file will be stored in the KV store under the specified path:

terraform/state

You can check the Consul KV store by accessing the Consul UI or using the consul kv command to see the stored Terraform state:

consul kv get terraform/state
S
Description
A repository to manage the configuration of Vault secret engines, authentication modes and policies.
Readme MIT 597 KiB
Languages
HCL 98.9%
Makefile 1.1%