configure vault oidc login and cicd jwt login

2024-10-07 17:24:25 +02:00
parent 5beaee60ac
commit 50399328dc
17 changed files with 271 additions and 28 deletions
--- a/doc/adr/04_tool_hashicorp_vault.md
+++ b/doc/adr/04_tool_hashicorp_vault.md
@@ -35,7 +35,7 @@ sequenceDiagram
    Ansible ->> Vault: unseal(unsealKey)
    Ansible ->> Vault: revoke vaultRootToken

-        rect rgb(255, 266, 255)
+        rect rgb(255, 255, 255)

        Ansible ->> Gitea : setupApp(adminPassword)
        activate Gitea
@@ -53,4 +53,19 @@ sequenceDiagram
        end

    end
+
+    rect rgb(180,150,100)
+      Ansible ->> Vault : share Google Credentials for open tofu GCS backend
+      Ansible ->> Gitea : gives oidc auth script for vault
+      activate Gitea
+      rect rgb(255,255,255)
+        Gitea ->> Vault: auth with oidc auth script
+        create actor Admin AS Admin User
+        Gitea ->> Admin: poll for Admin login
+        Note left of Admin: copy paste link <br> generated by <br> oidc auth script
+        Vault ->> Gitea: Google Credentials for open tofu GCS backend
+        Gitea ->> Vault: configure vault with open tofu
+      end
+      deactivate Gitea
+    end
 ```