Files
terraform-vault/policies/kv/service
unkinben e01deb13d6
ci/woodpecker/pr/plan Pipeline was successful
ci/woodpecker/pr/pre-commit Pipeline was successful
policies: let terraform-authentik read oauth client secrets from kv
The terraform-authentik module now reads OAuth2 client secrets from Vault
(data.vault_kv_secret_v2) instead of committing them, but the
terraform_authentik approle / woodpecker_terraform_authentik k8s role only
had the consul creds policy, so plan failed with permission denied.

Grant read on kv/data/kubernetes/namespace/+/default/oauth-credentials so
the runner can read the client secret for any namespace's OIDC provider
(e.g. grafana).
2026-07-06 22:20:40 +10:00
..
2026-06-08 15:17:58 +10:00
2026-02-01 14:54:23 +11:00
2026-05-21 23:52:30 +10:00