From 98395dbe5d1d4d2f9bde993f76a66cb8de16f9b2 Mon Sep 17 00:00:00 2001
From: Gabriel Radureau
Date: Tue, 4 Nov 2025 10:11:05 +0100
Subject: [PATCH] vault kvv1/ovh/ permission
---
 hashicorp-vault/iac/modules/app_policy/main.tf | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/hashicorp-vault/iac/modules/app_policy/main.tf b/hashicorp-vault/iac/modules/app_policy/main.tf
index aed281d..9dc3907 100644
--- a/hashicorp-vault/iac/modules/app_policy/main.tf
+++ b/hashicorp-vault/iac/modules/app_policy/main.tf
@@ -27,13 +27,14 @@ data "vault_policy_document" "ops" {
 path = "kvv1/google/credentials"
 capabilities = ["read"]
 }
- # read cloudflare credentials for terraform cloudflare backend
+ # read cloudflare related secrets
 rule {
 path = "kvv1/cloudflare/${local.name}*"
 capabilities = ["read", "list", "create", "update", "delete"]
 }
+ # read ovh related secrets
 rule {
- path = "kvv1/cloudflare/${local.name}*"
+ path = "kvv1/ovh/${local.name}*"
 capabilities = ["read", "list", "create", "update", "delete"]
 }
 # read tofu_module_reader gitea bot user ssh keys
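Review bot: The new rule's path `kvv1/ovh/${local.name}*` is a bare prefix glob, so in Vault it also matches any sibling entry whose name merely starts with the app name (constructed example: an app named `api` would also cover `kvv1/ovh/api-admin`), and the rule grants create/update/delete there. If secrets live under a per-app folder, anchor the prefix with `path = "kvv1/ovh/${local.name}/*"` (plus an exact-path rule if a secret is stored at `kvv1/ovh/${local.name}` itself); how `local.name` is derived is not visible in this hunk, so confirm whether names can overlap. The comment `# read ovh related secrets` also understates the grant, and something like `# manage (read/write/delete) ovh secrets for this app` would match the capabilities list. The cloudflare rule just above has the same path shape and the same "read" comment. The enclosing `data "vault_policy_document" "ops"` block starts and ends outside the hunk.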