services/vault
1
0
Fork 0
Code Issues 3 Pull Requests Projects Releases Wiki Activity

fixup config files and policies

Browse Source
This commit is contained in:
ducoterra
2021-07-13 18:08:43 -04:00
parent 6fd29d2a4b
commit 5bbe8337c0
4 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,2 +1,3 @@
cert-manager/ cert-manager/
certs/ certs/
backups/

2
helm/ha.yaml
View File

@@ -22,7 +22,7 @@ server:
} }
seal "transit" { seal "transit" {
address = "https://pivault.dnet" address = "http://3.14.3.104:8200"
disable_renewal = "false" disable_renewal = "false"
key_name = "autounseal" key_name = "autounseal"
mount_path = "transit/" mount_path = "transit/"

4
helm/pivault.yaml
View File

@@ -13,7 +13,7 @@ server:
config: | config: |
ui = true ui = true
listener "tcp" { listener "tcp" {z
tls_disable = 1 tls_disable = 1
address = "[::]:8200" address = "[::]:8200"
cluster_address = "[::]:8201" cluster_address = "[::]:8201"
@@ -46,4 +46,4 @@ server:
ui: ui:
enabled: true enabled: true
serviceType: ClusterIP serviceType: LoadBalancer

8
policies/ducoterra.hcl
View File

@@ -13,3 +13,11 @@ path "secret/*" {
path "dnet_inter/*" { path "dnet_inter/*" {
capabilities = ["create", "read", "update", "delete", "list"] capabilities = ["create", "read", "update", "delete", "list"]
} }
path "ssh-client-signer/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
path "ssh-host-signer/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}