homelab/vault/approle.tf
vincent 545d426bd3
Some checks failed
continuous-integration/drone/push Build is failing
feat: vault secret in droneCI
2022-11-27 15:25:26 +01:00


# Enables the AppRole auth method in Vault.
# No explicit `path` is given, so the mount path is whatever the provider
# derives for this type; the other blocks read it back through
# vault_auth_backend.approle.path instead of hard-coding it.
resource "vault_auth_backend" "approle" {
  type = "approle"
}
# AppRole role that Drone CI logs in with. Tokens issued through this role
# carry only the "drone-vault" policy.
#
# NOTE(review): no token_ttl / token_max_ttl, secret_id_ttl,
# secret_id_num_uses, secret_id_bound_cidrs or token_bound_cidrs is set here,
# so the lifetime and origin of a leaked SecretID or token are bounded only by
# whatever defaults apply to the mount. Pin them for a CI consumer.
resource "vault_approle_auth_backend_role" "drone-vault" {
  backend        = vault_auth_backend.approle.path
  role_name      = "drone-vault"
  token_policies = ["drone-vault"]
}
# Looks up the RoleID of the drone-vault role.
# role_name is taken from the role resource rather than repeated as a literal,
# which also makes this lookup depend on the role being created first.
data "vault_approle_auth_backend_role_id" "drone-vault" {
  backend   = vault_auth_backend.approle.path
  role_name = vault_approle_auth_backend_role.drone-vault.role_name
}
# Exposes the RoleID so it can be handed to the Drone side.
# The RoleID is only the identifier half of an AppRole login; the SecretID is
# the credential half and is not generated in the lines shown.
# NOTE(review): the output is not marked `sensitive`, so the value is printed
# by plan/apply and stored in state. Confirm that is acceptable here.
output "drone-vault-role-id" {
  value = data.vault_approle_auth_backend_role_id.drone-vault.role_id
}
# Policy body for Drone CI: read access limited to the droneCI subtree.
#
# NOTE(review): the `data/` segment suggests a KV v2 mount named "secrets";
# confirm. On KV v2, listing is served under the `metadata/` prefix, so "list"
# on this path probably grants nothing. If Drone needs to enumerate keys, that
# takes a separate rule on secrets/metadata/droneCI/*; otherwise "list" can go.
data "vault_policy_document" "drone-vault" {
  rule {
    path         = "secrets/data/droneCI/*"
    capabilities = ["read", "list"]
  }
}
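# Registers the "drone-vault" policy that the AppRole role attaches to its
# tokens.
#
# The body must come from the drone-vault policy document. The earlier
# reference, data.vault_policy_document.nomad_server_policy, is not defined in
# the lines shown. If it resolves elsewhere in the module, Drone's tokens would
# receive the Nomad server policy instead of the read-only droneCI rule. If it
# does not resolve, the plan fails.
resource "vault_policy" "drone-vault" {
  name   = "drone-vault"
  policy = data.vault_policy_document.drone-vault.hcl
}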