# Vault provider configuration shared by every resource and data source below.
provider "vault" {
  # NOTE(review): a root token is not constrained by any policy, so whoever can
  # read this variable's value (tfvars file, CI variable, shell history) has full
  # control of Vault. Prefer a token limited to the mounts, policies and token
  # creation this configuration manages. The variable's declaration is not
  # shown here; confirm it is marked sensitive.
  token = var.vault_root_token

  # Plain HTTP: the token is sent unencrypted, which is tolerable only while the
  # endpoint stays on loopback. Use an https:// address for any remote Vault.
  address = "http://127.0.0.1:8200"
}
# Reads the secret named "minio" from the KV v2 mount "management".
# NOTE(review): values returned by a data source are written to Terraform state
# in plaintext, so the state backend needs encryption and tight access control.
# Nothing in the lines shown here references this data source; confirm it is
# still needed before keeping a copy of these credentials in state.
data "vault_kv_secret_v2" "minio_creds" {
  name  = "minio"
  mount = "management"
}
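# KV version 2 secrets engine mounted at "platform/".
resource "vault_mount" "platform" {
  path = "platform"
  type = "kv"

  # version = "2" selects the versioned KV engine for this mount.
  options = { version = "2" }

  # The description previously said "management", which is a different mount
  # (the one the minio_creds data source reads). Operators rely on this text
  # when auditing mounts, so it has to name the mount it is attached to.
  description = "KV Version 2 secret engine mount for platform"
}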
# ACL policy "platform": create/read/update/delete/list on every path under the
# "platform" mount.
# NOTE(review): on a KV v2 mount the glob "platform/*" matches the metadata/,
# delete/, undelete/ and destroy/ sub-paths as well as data/, so a holder of
# this policy can permanently destroy secret versions. If that is not intended,
# scope the rule to platform/data/* and platform/metadata/* with only the
# capabilities each consumer needs.
resource "vault_policy" "platform" {
  policy = <<EOT
path "platform/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
# Add other necessary permissions
EOT

  name = "platform"
}
# Periodic token carrying the "platform" policy.
# NOTE(review): the generated token value is stored in Terraform state, so
# anyone who can read state can use it; protect the state backend accordingly.
resource "vault_token" "platform" {
  # A periodic token has no maximum lifetime: each renewal resets its TTL to the
  # period, so it stays valid indefinitely as long as something renews it within
  # 30 days. Nothing in this block schedules that renewal; confirm who does it,
  # and revoke the token explicitly when it is no longer needed.
  period = "720h" # 30 days
  ttl    = "720h" # 30 days

  renewable = true
  policies  = [vault_policy.platform.name]
}