vault: allow sso role to read portal admin secret

2026-01-15 03:46:58 -03:00 · 2026-01-15 03:46:58 -03:00 · c30f1fc587
commit c30f1fc587
parent bf9a24681c
1 changed files with 1 additions and 1 deletions
--- a/services/vault/scripts/vault_k8s_auth_configure.sh
+++ b/services/vault/scripts/vault_k8s_auth_configure.sh
@ -154,7 +154,7 @@ write_policy_and_role "gitea" "gitea" "gitea-vault" \
 write_policy_and_role "vaultwarden" "vaultwarden" "vaultwarden-vault" \
  "vaultwarden/* shared/postmark-relay" ""
 write_policy_and_role "sso" "sso" "sso-vault,sso-vault-sync,mas-secrets-ensure" \
-  "sso/* shared/keycloak-admin shared/portal-e2e-client shared/postmark-relay harbor-pull/sso" ""
+  "sso/* portal/bstein-dev-home-keycloak-admin shared/keycloak-admin shared/portal-e2e-client shared/postmark-relay harbor-pull/sso" ""
 write_policy_and_role "mailu-mailserver" "mailu-mailserver" "mailu-vault-sync" \
  "mailu/* shared/postmark-relay harbor-pull/mailu-mailserver" ""
 write_policy_and_role "harbor" "harbor" "harbor-vault-sync" \