vault-config.tf
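# Downloads the Nomad server policy document that vault_policy.nomad-server
# writes into Vault.
#
# NOTE(review): the policy text is fetched at plan/apply time and is not
# pinned to a reviewed revision or digest, so a change to the remote document
# changes what the nomad-server token may do in Vault on the next apply.
# Prefer vendoring the policy file in this repository, or add a second
# postcondition that compares sha256(self.response_body) with a reviewed
# digest.
data "http" "nomad_server_policy" {
  url = "https://nomadproject.io/data/vault/nomad-server-policy.hcl"

  lifecycle {
    # The http data source does not fail on a non-2xx response; without this
    # check the body of an error page would be handed to Vault as policy text.
    # (postcondition blocks need Terraform 1.2 or later.)
    postcondition {
      condition     = self.status_code == 200
      error_message = "Fetching the Nomad server policy did not return HTTP 200."
    }
  }
}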
# Registers the downloaded policy document in Vault under the name
# "nomad-server".
resource "vault_policy" "nomad-server" {
  # Wait for the HCP Vault cluster before talking to its API.
  depends_on = [hcp_vault_cluster.demo_hcp_vault]

  name = "nomad-server"

  # The policy text is the response body of data.http.nomad_server_policy,
  # passed through verbatim; nothing in this file inspects its contents
  # before they become an active Vault policy.
  policy = data.http.nomad_server_policy.response_body
}
# Token role "nomad-cluster".
# NOTE(review): presumably the role Nomad servers use to mint task tokens;
# confirm against the Nomad server configuration.
#
# NOTE(review): the role carries no allow-list. Only "nomad-server" is
# excluded through disallowed_policies, so every other policy name stays
# requestable through this role. If the set of job policies is known, an
# allowed_policies list is the tighter control.
resource "vault_token_auth_backend_role" "nomad-cluster" {
  # Wait for the HCP Vault cluster before talking to its API.
  depends_on = [hcp_vault_cluster.demo_hcp_vault]

  role_name           = "nomad-cluster"
  disallowed_policies = ["nomad-server"]

  # Tokens from this role are created without a parent token.
  orphan = true

  # Periodic tokens: 259200 seconds (72 hours) per period, and with
  # token_explicit_max_ttl = 0 there is no hard upper bound, so a token stays
  # valid for as long as it keeps being renewed inside each period.
  renewable              = true
  token_period           = "259200"
  token_explicit_max_ttl = 0
}
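# Creates the Vault token that carries the "nomad-server" policy; its
# client_token is exported by the nomad_server_vault_token output.
#
# NOTE(review): the provider records client_token in the Terraform state, so
# the state backend has to be access-controlled and encrypted like any other
# secret store.
resource "vault_token" "nomad_server" {
  # Reference the policy resource instead of repeating its name, so Terraform
  # creates the policy before the token and tears them down in reverse order.
  policies = [vault_policy.nomad-server.name]

  # Created without a parent token, so it is not revoked together with the
  # token Terraform itself authenticates with.
  no_parent = true
  renewable = true

  # NOTE(review): ttl (rather than period) means renewals stop at the
  # applicable maximum TTL; confirm that expiry is intended for a
  # long-running Nomad server.
  ttl = "72h"

  depends_on = [
    hcp_vault_cluster.demo_hcp_vault
  ]
}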
# Exposes the generated Nomad server token to whoever consumes this
# configuration's outputs.
#
# sensitive = true only redacts the value in plan/apply output. The token is
# still written to the state and is printed when the output is requested by
# name with `terraform output`.
output "nomad_server_vault_token" {
  depends_on = [hcp_vault_cluster.demo_hcp_vault]

  sensitive = true
  value     = vault_token.nomad_server.client_token
}