Deploy or rotate Vault secrets
Needs Review, Public

Authored by dereckson on Mon, Mar 23, 00:32.
This revision needs review, but there are no reviewers specified.

Details

Reviewers
None
Summary

Terraform/OpenTofu is handling both the policies and the credentials to allow
other applications to connect themselves to Vault.

Once the AppRoles have been created or updated in Vault by Terraform/OpenTofu,
the relevant configuration files with AppRole credentials must be provisioned.

This make deploy-secrets target allows automating each step and doing a full
secrets rotation.

Reference: https://agora.nasqueron.org/Operations_grimoire/Deploy_with_Terraform

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
deploy-secrets
Build Status
Buildable 6524
Build 6808: arc lint + arc unit

Event Timeline

dereckson created this revision.
dereckson retitled this revision from Once the AppRole have been created or updated in Vault by Terraform/OpenTofu, the relevant configuration files with AppRole credentials must be provisioned. to Deploy or rotate Vault secrets. Mon, Mar 23, 08:44
dereckson edited the summary of this revision.

Note: we're deploying a third secret for CARP router scripts. If we already have that code merged, we'll need to append a line to deploy that state too.

How to target router-002 and router-003 through grains
-G, --grain
The target expression matches values returned by the Salt grains system on the minions. The target expression is in the format of '<grain value>:<glob expression>'; example: 'os:Arch*'

This was changed in version 0.9.8 to accept glob expressions instead of regular expression. To use regular expression matching with grains, use the --grain-pcre option.

--grain-pcre
The target expression matches values returned by the Salt grains system on the minions. The target expression is in the format of '<grain value>:<regular expression>'; example: 'os:Arch.*'