apply vault config from CI

hashicorp-vault/.helmignore

@@ -21,3 +21,4 @@
 .idea/
 *.tmproj
 .vscode/
+iac/

hashicorp-vault/iac/main.tf

@@ -0,0 +1,39 @@
+terraform {
+  backend "gcs" {
+    bucket  = "arcodange-tf"
+    prefix  = "tools/hashicorp_vault/main"
+  }
+}
+
+variable "vault_address" {
+  type = string
+  default = "http://127.0.0.1:8200"
+}
+
+terraform {
+    required_providers {
+      vault = {
+        source = "vault"
+        version = "4.4.0"
+      }
+    }
+}
+
+provider vault {
+    address = var.vault_address
+    auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
+        role = "admin"
+    }
+}
+
+data "vault_policy_document" "admin" {
+  rule {
+    path         = "*"
+    capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+    description  = "admin privileges"
+  }
+}
+resource "vault_policy" "admin" {
+    name = "admin"
+    policy = data.vault_policy_document.admin.hcl
+}

hashicorp-vault/values.yaml

@@ -5,7 +5,7 @@ vault: &vault_config
   
   server:
     enabled: true
-    logLevel: debug
+    logLevel: trace
   
     ingress:
       enabled: true