From f83b9ac8b7f4cf12f9479dde422acf0570e83141 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thorben=20G=C3=BCnther?=
Date: Fri, 2 Jul 2021 22:53:56 +0200
Subject: [PATCH] vault: Add a few secrets
---
terraform_vault/secrets.tf | 21 +++++++++++++++++----
terraform_vault/secrets_engines.tf | 5 +++++
2 files changed, 22 insertions(+), 4 deletions(-)
create mode 100644 terraform_vault/secrets_engines.tf
diff --git a/terraform_vault/secrets.tf b/terraform_vault/secrets.tf
index c2c8908..3ad7aab 100644
--- a/terraform_vault/secrets.tf
+++ b/terraform_vault/secrets.tf
@@ -1,5 +1,18 @@
-resource "vault_mount" "kv" {
- path = "ansible"
- type = "kv-v2"
- description = "Ansible secrets store"
+locals {
+ users = toset(["xenrox", "seeguen", "test"])
+ ansible_secrets = toset(["nextcloud", "peertube", "vault"])
+}
+
+resource "vault_generic_secret" "ansible_secrets" {
+ for_each = local.ansible_secrets
+
+ path = "ansible/${each.key}"
+ data_json = file("/home/xenrox/decrypted/vault/${each.key}.json")
+}
+
+resource "vault_generic_secret" "users" {
+ for_each = local.users
+
+ path = "ansible/users/${each.key}"
+ data_json = file("/home/xenrox/decrypted/vault/users/${each.key}.json")
 }
diff --git a/terraform_vault/secrets_engines.tf b/terraform_vault/secrets_engines.tf
new file mode 100644
index 0000000..c2c8908
--- /dev/null
+++ b/terraform_vault/secrets_engines.tf
@@ -0,0 +1,5 @@
+resource "vault_mount" "kv" {
+ path = "ansible"
+ type = "kv-v2"
+ description = "Ansible secrets store"
+}
--
2.44.0
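Review bot: In terraform_vault/secrets.tf both `vault_generic_secret` resources read their payload with `file("/home/xenrox/decrypted/vault/...")`, and the provider keeps `data_json` in the Terraform state and plan output, so every secret written here also exists in plaintext wherever the state is stored. The state backend therefore needs the same protection as Vault itself (encrypted at rest, access-restricted, never committed), and the decrypted files should exist on disk only for the duration of the apply. The hard-coded home directory also ties the configuration to one workstation; taking the directory from a variable, e.g. `data_json = file("${var.decrypted_dir}/${each.key}.json")` (`decrypted_dir` is a suggested name, not an existing variable), would make that explicit. Separately, the literal `path = "ansible/${each.key}"` gives Terraform no reference to the mount that this commit moves to secrets_engines.tf, so on a fresh Vault the writes may be ordered before the mount exists; adding `depends_on = [vault_mount.kv]` to both resources would fix the ordering. The `"test"` entry in `local.users` looks like a leftover and is worth confirming before it creates a real secret path.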