add app_roles terraform module for vault and declare erp app

2024-11-04 17:30:37 +01:00
parent bbb0bc7d5f
commit 784c014224
10 changed files with 105 additions and 30 deletions
--- a/hashicorp-vault/iac/modules/app_policy/main.tf
+++ b/hashicorp-vault/iac/modules/app_policy/main.tf
@@ -27,6 +27,11 @@ data "vault_policy_document" "ops" {
    path = "kvv1/google/credentials"
    capabilities = [ "read" ]
  }
+  # read tofu_module_reader gitea bot user ssh keys
+  rule {
+    path = "kvv1/gitea/tofu_module_reader"
+    capabilities = [ "read" ]
+  }

  # edit postgres credentials access permissions
  rule {