vault: harden oidc claims type

2026-01-15 02:18:50 -03:00 · 2026-01-15 02:18:50 -03:00 · d69545cdb5
commit d69545cdb5
parent 756a1af2e6
1 changed files with 4 additions and 0 deletions
--- a/services/vault/scripts/vault_oidc_configure.sh
+++ b/services/vault/scripts/vault_oidc_configure.sh
@ -45,6 +45,10 @@ groups_claim="${VAULT_OIDC_GROUPS_CLAIM:-groups}"
 redirect_uris="${VAULT_OIDC_REDIRECT_URIS:-https://secret.bstein.dev/ui/vault/auth/oidc/oidc/callback}"
 bound_audiences="${VAULT_OIDC_BOUND_AUDIENCES:-${VAULT_OIDC_CLIENT_ID}}"
 bound_claims_type="${VAULT_OIDC_BOUND_CLAIMS_TYPE:-string}"
 bound_claims_type="$(printf '%s' "${bound_claims_type}" | tr -d '[:space:]')"
 if [ -z "${bound_claims_type}" ]; then
  bound_claims_type="string"
 fi
 admin_group="${VAULT_OIDC_ADMIN_GROUP:-admin}"
 admin_policies="${VAULT_OIDC_ADMIN_POLICIES:-default,vault-admin}"