~xenrox/ansible: vault: Add ansible policy

3a9fe7ae87af729d7fb56089a10675088074970d — Thorben Günther 2 years ago 2d499fd

vault: Add ansible policy

This policy can only read ansible secrets.

patch browse .tar.gz

2 files changed, 9 insertions(+), 0 deletions(-)

M terraform_vault/policies.tf
A terraform_vault/policies/ansible.hcl

M terraform_vault/policies.tf => terraform_vault/policies.tf +5 -0

@@ 2,3 2,8 @@ resource "vault_policy" "admin_policy" {
   name   = "vault_admin"
   policy = file("policies/vault_admin.hcl")
 }
+
+resource "vault_policy" "ansible_policy" {
+  name   = "ansible"
+  policy = file("policies/ansible.hcl")
+}

A terraform_vault/policies/ansible.hcl => terraform_vault/policies/ansible.hcl +4 -0

@@ 0,0 1,4 @@
+path "ansible/*"
+{
+  capabilities = ["read"]
+}