magic_rb/dotfiles
1
0
Fork 0
mirror of https://git.sr.ht/~magic_rb/dotfiles synced 2024-11-29 19:46:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
dotfiles/hashicorp/vault/vault.toothpick.vault-policy.hcl
Magic_RB e75aef331d
Add toothpick 
Signed-off-by: Magic_RB <magic_rb@redalder.org>
2021-08-19 18:24:40 +02:00

67 lines
1.4 KiB
HCL
Raw Blame History

path "auth/cert/certs/vault.toothpick" {
capabilities = [ "update" ]
allowed_parameters = {
ttl = [ "3600" ]
policies = [ "vault.toothpick" ]
display_name = [ "vault.toothpick" ]
certificate = []
}
}
path "pki_dynra/issue/vault.toothpick" {
capabilities = [ "update" ]
allowed_parameters = {
common_name = [ "vault.toothpick.dyn.redalder.org" ]
ttl = [ "24h" ]
alt_names = [ "localhost" ]
ip_sans = [ "127.0.0.1" ]
}
}
path "pki_dynra/issue/consul.toothpick" {
capabilities = [ "update" ]
allowed_parameters = {
common_name = [ "consul.toothpick.dyn.redalder.org" ]
ttl = [ "24h" ]
alt_names = [ "localhost" ]
ip_sans = [ "127.0.0.1" ]
}
}
path "pki_dynta/cert/ca" {
capabilities = [ "read" ]
allowed_parameters = {}
}
path "kv/data/systems/toothpick/nomad" {
capabilities = [ "read" ]
allowed_parameters = {}
}
path "kv/data/systems/toothpick/consul" {
capabilities = [ "read" ]
allowed_parameters = {}
}
# Consul Managed PKI Mounts
path "/sys/mounts" {
capabilities = [ "read" ]
}
path "/sys/mounts/connect_root" {
capabilities = [ "create", "read", "update", "delete", "list" ]
}
path "/sys/mounts/connect_inter" {
capabilities = [ "create", "read", "update", "delete", "list" ]
}
path "/connect_root/*" {
capabilities = [ "create", "read", "update", "delete", "list" ]
}
path "/connect_inter/*" {
capabilities = [ "create", "read", "update", "delete", "list" ]
}
Reference in a new issue View git blame Copy permalink