~xenrox/ansible

f83b9ac8b7f4cf12f9479dde422acf0570e83141 — Thorben Günther 2 months ago a1452a1
vault: Add a few secrets
2 files changed, 22 insertions(+), 4 deletions(-)

M terraform_vault/secrets.tf
A terraform_vault/secrets_engines.tf
M terraform_vault/secrets.tf => terraform_vault/secrets.tf +17 -4
@@ 1,5 1,18 @@
resource "vault_mount" "kv" {
  path        = "ansible"
  type        = "kv-v2"
  description = "Ansible secrets store"
locals {
  users           = toset(["xenrox", "seeguen", "test"])
  ansible_secrets = toset(["nextcloud", "peertube", "vault"])
}

resource "vault_generic_secret" "ansible_secrets" {
  for_each = local.ansible_secrets

  path      = "ansible/${each.key}"
  data_json = file("/home/xenrox/decrypted/vault/${each.key}.json")
}

resource "vault_generic_secret" "users" {
  for_each = local.users

  path      = "ansible/users/${each.key}"
  data_json = file("/home/xenrox/decrypted/vault/users/${each.key}.json")
}
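Review bot: Both `vault_generic_secret` resources build `path` from the literal prefix `"ansible/"`, so Terraform sees no dependency on `vault_mount.kv` and, on a fresh Vault, may try to write the secrets before the mount exists. Referencing the mount makes the ordering explicit: `path = "${vault_mount.kv.path}/${each.key}"` and `path = "${vault_mount.kv.path}/users/${each.key}"`. The `data_json = file("/home/xenrox/decrypted/vault/...")` lines also put the secret values into the Terraform state in plaintext and read them from decrypted files under one user's home directory, so the state backend should be encrypted and access-restricted, and the base directory would be better passed in as a variable. A short comment above `locals` saying that every name needs a matching JSON file (otherwise `file()` fails at plan time) would help; the `"test"` entry in `users` looks like a placeholder and is worth confirming.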

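--- /dev/null
+++ b/terraform_vault/secrets_engines.tf
@@ -0,0 +1,5 @@
+resource "vault_mount" "kv" {
+  path        = "ansible"
+  type        = "kv-v2"
+  description = "Ansible secrets store"
+}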