role management for postgres synergy with vault dynamic credentials

2024-10-30 10:36:31 +01:00
parent f9a47c8ccf
commit 1c22b946d6
13 changed files with 260 additions and 10 deletions
--- a/postgres/iac/providers.tf
+++ b/postgres/iac/providers.tf
@@ -0,0 +1,37 @@
+terraform {
+  required_providers {
+    postgresql = {
+      source = "cyrilgdn/postgresql"
+      version = "1.24.0"
+    }
+    vault = {
+      source = "vault"
+      version = "4.4.0"
+    }
+  }
+}
+
+variable "POSTGRES_USERNAME" {
+  type = string
+  sensitive = true
+}
+variable "POSTGRES_PASSWORD" {
+  type = string
+  sensitive = true
+}
+
+provider "postgresql" {
+  host     = "192.168.1.202"
+  username = var.POSTGRES_USERNAME
+  password = var.POSTGRES_PASSWORD
+  sslmode  = "disable"
+  superuser = true
+}
+
+provider vault {
+  address = "https://vault.arcodange.duckdns.org"
+  auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
+    mount = "gitea_jwt"
+    role = "gitea_cicd"
+  }
+}