From b509234aeeabe27c0c2cd3f597ab4c5760477beb Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Fri, 2 Jan 2026 18:05:17 -0300
Subject: [PATCH] bstein-dev-home: allow vaultwarden admin secret read

---
 services/bstein-dev-home/rbac.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/services/bstein-dev-home/rbac.yaml b/services/bstein-dev-home/rbac.yaml
index 6717b45..cbc8050 100644
--- a/services/bstein-dev-home/rbac.yaml
+++ b/services/bstein-dev-home/rbac.yaml
@@ -29,6 +29,29 @@ subjects:
     namespace: bstein-dev-home
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: bstein-dev-home-vaultwarden-admin-secret-reader
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get"]
+    resourceNames: ["vaultwarden-admin"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: bstein-dev-home-vaultwarden-admin-secret-reader
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: bstein-dev-home-vaultwarden-admin-secret-reader
+subjects:
+  - kind: ServiceAccount
+    name: bstein-dev-home
+    namespace: bstein-dev-home
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: bstein-dev-home-vaultwarden-admin-token-reader