apply vault config from CI

2024-10-01 15:49:21 +02:00
parent 24a559fb1a
commit 781a04b26f
4 changed files with 90 additions and 0 deletions
--- a/hashicorp-vault/iac/main.tf
+++ b/hashicorp-vault/iac/main.tf
@@ -0,0 +1,39 @@
+terraform {
+  backend "gcs" {
+    bucket  = "arcodange-tf"
+    prefix  = "tools/hashicorp_vault/main"
+  }
+}
+
+variable "vault_address" {
+  type = string
+  default = "http://127.0.0.1:8200"
+}
+
+terraform {
+    required_providers {
+      vault = {
+        source = "vault"
+        version = "4.4.0"
+      }
+    }
+}
+
+provider vault {
+    address = var.vault_address
+    auth_login_jwt { # TERRAFORM_VAULT_AUTH_JWT environment variable
+        role = "admin"
+    }
+}
+
+data "vault_policy_document" "admin" {
+  rule {
+    path         = "*"
+    capabilities = ["create", "read", "update", "delete", "list", "sudo"]
+    description  = "admin privileges"
+  }
+}
+resource "vault_policy" "admin" {
+    name = "admin"
+    policy = data.vault_policy_document.admin.hcl
+}