M terraform_keycloak/keycloak.tf => terraform_keycloak/keycloak.tf +15 -8
@@ 9,14 9,21 @@ data "external" "vault_keycloak" {
"group_vars/all/vault_keycloak.yml"]
}
-data "external" "vault_email" {
- program = ["${path.module}/../misc/read-vault.py",
- "group_vars/all/vault_email.yml"]
+data "vault_generic_secret" "nextcloud" {
+ path = "ansible/nextcloud"
+}
+
+data "vault_generic_secret" "peertube" {
+ path = "ansible/peertube"
}
-data "external" "vault_oidc" {
+data "vault_generic_secret" "vault" {
+ path = "ansible/vault"
+}
+
+data "external" "vault_email" {
program = ["${path.module}/../misc/read-vault.py",
- "group_vars/all/vault_oidc.yml"]
+ "group_vars/all/vault_email.yml"]
}
provider "keycloak" {
@@ 108,7 115,7 @@ resource "keycloak_group_roles" "peertube" {
resource "keycloak_openid_client" "vault_openid_client" {
realm_id = "xenrox"
client_id = "openid_vault"
- client_secret = data.external.vault_oidc.result.vault_oidc_vault_secret
+ client_secret = data.vault_generic_secret.vault.data["oidc_secret"]
name = "Vault"
enabled = true
@@ 138,7 145,7 @@ resource "keycloak_role" "vault_admin" {
resource "keycloak_openid_client" "peertube_openid_client" {
realm_id = "xenrox"
client_id = "openid_peertube"
- client_secret = data.external.vault_oidc.result.vault_oidc_peertube_secret
+ client_secret = data.vault_generic_secret.peertube.data["oidc_secret"]
name = "Peertube"
enabled = true
@@ 167,7 174,7 @@ resource "keycloak_role" "peertube" {
resource "keycloak_openid_client" "nextcloud_openid_client" {
realm_id = "xenrox"
client_id = "openid_nextcloud"
- client_secret = data.external.vault_oidc.result.vault_oidc_nextcloud_secret
+ client_secret = data.vault_generic_secret.nextcloud.data["oidc_secret"]
name = "Nextcloud"
enabled = true
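Review bot: The three new `vault_generic_secret` data sources added at the top of keycloak.tf (`nextcloud`, `peertube`, `vault`) read the entire secret map at each path into Terraform state, not only the `oidc_secret` key that the `client_secret = data.vault_generic_secret.<name>.data["oidc_secret"]` lines in the three later hunks actually use; any other keys stored under `ansible/nextcloud`, `ansible/peertube` or `ansible/vault` now also land in plaintext state. If those paths hold more than the OIDC secrets, either move the OIDC secrets to a path of their own or treat the state backend as secret-bearing (encrypted, access-restricted, state output not checked in), and note it in the file, e.g. `# NOTE: the whole secret map at this path is stored in Terraform state; keep it limited to keys this module needs`. Whether `path = "ansible/<name>"` is the right form depends on the KV engine version mounted there — the data-source path convention differs for KV v2 — so confirm against the mount before relying on the plan. The `data["oidc_secret"]` index will fail the plan if that key is absent, which is the safer failure mode and worth leaving as is.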
M terraform_keycloak/versions.tf => terraform_keycloak/versions.tf +3 -0
@@ 3,6 3,9 @@ terraform {
keycloak = {
source = "mrparkers/keycloak"
}
+ vault = {
+ source = "hashicorp/vault"
+ }
}
required_version = ">= 0.13"
}
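Review bot: The added `vault` entry in `required_providers` carries only `source` and no `version` constraint, so `terraform init` will pull whatever the newest `hashicorp/vault` release is whenever the dependency lock file is missing or upgraded, and a major-version change in the provider can alter how `vault_generic_secret` resolves paths and data. Pin it with a constraint, e.g. `version = "~> <MAJOR.MINOR>"` (placeholder, match the version actually tested), and commit `.terraform.lock.hcl` so every run uses the same provider build; the `keycloak` entry above it has the same gap.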