🔒 fix(ansible): gate vault auth disable behind vault_oidc_force_reset (default off) #5

Merged
arcodange merged 1 commit from vibe/batch-pr-factory5-conditional-vault-disable into main 2026-05-06 15:03:34 +02:00

1 Commit

Author SHA1 Message Date
1a1d7da329 🔒 fix(ansible): gate vault auth disable behind vault_oidc_force_reset (default off)
The vault auth disable task added in 437fd506 wipes all gitea_cicd_* per-app JWT roles every ansible run (side effect). Gate it behind a default-off flag so normal re-runs preserve those roles. Opt in with --extra-vars vault_oidc_force_reset=true when intentionally rebuilding the OIDC backend (e.g. bound_issuer config drift).

Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
2026-05-06 15:03:23 +02:00
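
The gating pattern the commit message describes, as an added Ansible sketch that is not the repository's own playbook. The task names, the `vault_auth_mount` variable and its placeholder value are assumptions; only the `vault_oidc_force_reset` flag and its default-off behaviour come from the page.

```yaml
# Added illustration (not the project's code): a destructive Vault auth reset
# that only runs when the operator opts in.
- name: Configure Vault OIDC/JWT auth without wiping roles on every run
  hosts: localhost
  gather_facts: false
  vars:
    # Default off: normal re-runs leave the mount and its roles in place.
    vault_oidc_force_reset: false
    # Placeholder, not taken from the page.
    vault_auth_mount: "<AUTH_MOUNT_PATH>"
  tasks:
    - name: Disable the auth mount (removes every role configured under it)
      ansible.builtin.command:
        argv: [vault, auth, disable, "{{ vault_auth_mount }}"]
      # key=value extra vars arrive as strings, so cast explicitly;
      # --extra-vars vault_oidc_force_reset=true then evaluates to a real boolean.
      when: vault_oidc_force_reset | bool
      changed_when: true

    - name: Record that the destructive reset was skipped
      ansible.builtin.debug:
        msg: >-
          vault_oidc_force_reset is off; existing roles under
          {{ vault_auth_mount }} are preserved.
      when: not (vault_oidc_force_reset | bool)
```

Because extra vars take precedence over play vars, passing `--extra-vars vault_oidc_force_reset=true` overrides the default for that single run only.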