bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

vault: allow sso role to read portal admin secret

Browse Source
This commit is contained in:
Brad Stein 2026-01-15 03:46:58 -03:00
parent bf9a24681c
commit c30f1fc587
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
services/vault/scripts/vault_k8s_auth_configure.sh
View File

@ -154,7 +154,7 @@ write_policy_and_role "gitea" "gitea" "gitea-vault" \
write_policy_and_role "vaultwarden" "vaultwarden" "vaultwarden-vault" \
"vaultwarden/* shared/postmark-relay" ""
write_policy_and_role "sso" "sso" "sso-vault,sso-vault-sync,mas-secrets-ensure" \
"sso/* shared/keycloak-admin shared/portal-e2e-client shared/postmark-relay harbor-pull/sso" ""
"sso/* portal/bstein-dev-home-keycloak-admin shared/keycloak-admin shared/portal-e2e-client shared/postmark-relay harbor-pull/sso" ""
write_policy_and_role "mailu-mailserver" "mailu-mailserver" "mailu-vault-sync" \
"mailu/* shared/postmark-relay harbor-pull/mailu-mailserver" ""
write_policy_and_role "harbor" "harbor" "harbor-vault-sync" \