Add userpass login to Vault

vault-oidc-provider
IamTheFij 2 weeks ago
parent b4bb0f866e
commit 3033c581f3
  1. 10
      .secrets-baseline
  2. 8
      nomad/acls/vault_login.tf
  3. 9
      nomad/acls/vault_policies.tf
  4. 8
      nomad/bootstrap-values.yml
  5. 5
      nomad/vault_hashi_vault_values.example.yml

@ -199,8 +199,16 @@
"is_verified": false,
"line_number": 10,
"is_secret": false
},
{
"type": "Secret Keyword",
"filename": "nomad/vault_hashi_vault_values.example.yml",
"hashed_secret": "0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33",
"is_verified": false,
"line_number": 22,
"is_secret": false
}
]
},
"generated_at": "2022-07-25T23:35:15Z"
"generated_at": "2022-07-27T03:09:38Z"
}

@ -0,0 +1,8 @@
resource "vault_auth_backend" "userpass" {
type = "userpass"
tune {
max_lease_ttl = "1h"
listing_visibility = "unauth"
}
}

@ -0,0 +1,9 @@
resource "vault_policy" "admin" {
name = "admin"
policy = <<EOF
path "*" {
capabilities = ["create", "read", "update", "delete", "list", "sudo"]
}
EOF
}

@ -57,3 +57,11 @@
data:
"{{ item.value }}"
loop: "{{ hashi_vault_values | default({}) | dict2items }}"
- name: Write userpass
community.hashi_vault.vault_write:
url: "http://{{ inventory_hostname }}:8200"
token: "{{ root_token }}"
path: "auth/userpass/users/{{ item.name }}"
data: '{"password": "{{ item.password }}", "policies": "{{ item.policies }}"}'
loop: "{{ vault_userpass }}"

@ -16,3 +16,8 @@ hashi_vault_values:
alert_email_addresses: email@example.com
backups:
backup_passphrase: tellnoone
vault_userpass:
- name: admin
password: foo
policies: default

Loading…
Cancel
Save