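# Vault AppRole login for the Drone CI "drone-vault" integration.
#
# Declares: an AppRole auth mount, a role bound to the "drone-vault" policy,
# a read-only policy over the Drone CI KV v2 subtree, and an output exposing
# the role_id. Issuance of the secret_id (the sensitive half of the AppRole
# credential) is not part of this listing and must happen out-of-band.

resource "vault_auth_backend" "approle" {
  type = "approle"
}

resource "vault_approle_auth_backend_role" "drone-vault" {
  backend   = vault_auth_backend.approle.path
  role_name = "drone-vault"

  # Reference the policy resource instead of a bare string so Terraform
  # creates the policy before the role and the two names cannot drift apart.
  token_policies = [vault_policy.drone-vault.name]

  # NOTE(review): no token_ttl / token_max_ttl / secret_id_ttl /
  # secret_id_num_uses / token_bound_cidrs are set, so tokens and secret_ids
  # fall back to the mount's defaults. Confirm that is intended for a CI
  # credential; bounding TTLs and num_uses is the usual hardening here.
}

data "vault_approle_auth_backend_role_id" "drone-vault" {
  backend   = vault_auth_backend.approle.path
  role_name = vault_approle_auth_backend_role.drone-vault.role_name
}

# The role_id alone does not grant a login (a secret_id is also required),
# but it is still an identifier worth keeping out of logs and shared state
# where possible.
output "drone-vault-role-id" {
  value = data.vault_approle_auth_backend_role_id.drone-vault.role_id
}

data "vault_policy_document" "drone-vault" {
  # Read-only access to the Drone CI subtree of the "secrets" KV v2 mount.
  # KV v2 serves secret contents under <mount>/data/...; "list" on that
  # path has no effect, since key listing is served from <mount>/metadata/...
  # Left as-is here because adding a metadata rule would widen what CI can
  # enumerate — decide that deliberately rather than as a side effect.
  rule {
    path         = "secrets/data/droneCI/*"
    capabilities = ["read", "list"]
  }
}

resource "vault_policy" "drone-vault" {
  name = "drone-vault"

  # Previously pointed at data.vault_policy_document.nomad_server_policy.hcl,
  # a data source not declared in this listing. That either fails to plan or,
  # if such a document exists elsewhere, attaches the Nomad server's policy
  # to the Drone role instead of the read-only rule defined above.
  policy = data.vault_policy_document.drone-vault.hcl
}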