titan-iac/services/vault/middleware.yaml

# services/vault/middleware.yaml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: vault-forward-auth
  namespace: vault
spec:
  forwardAuth:
    address: https://auth.bstein.dev/oauth2/auth
    trustForwardHeader: true
    authResponseHeaders:
      - Authorization
      - X-Auth-Request-Email
      - X-Auth-Request-User
      - X-Auth-Request-Groups