diff --git a/ops/vault/cfg/servers.nix b/ops/vault/cfg/servers.nix
index f9c189d632..18b39595a3 100644
--- a/ops/vault/cfg/servers.nix
+++ b/ops/vault/cfg/servers.nix
@@ -83,14 +83,14 @@ in {
 secret_id_num_uses = 0;
 token_ttl = minutes 20;
 token_max_ttl = minutes 30;
+ token_policies =
+ ["default" "server" "\${vault_policy.${serverCfg.resourceName}.name}"]
+ ++ serverCfg.extraPolicies
+ ++ (map (name: "\${vault_policy.app_${name}.name}") serverCfg.apps);
 };
 vault_identity_entity.${serverCfg.resourceName} = {
 name = serverName;
- policies =
- ["default" "server" "\${vault_policy.${serverCfg.resourceName}.name}"]
- ++ serverCfg.extraPolicies
- ++ (map (name: "\${vault_policy.app_${name}.name}") serverCfg.apps);
 metadata.server = serverName;
 };
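Review bot: The added `token_policies` list deserves a comment on revocation timing, because policies set on the auth role are copied into each token at login, whereas the identity-entity `policies` removed further down were evaluated on every request. After this change, dropping an entry from `serverCfg.apps` or `serverCfg.extraPolicies` does not affect tokens already issued; they keep the old set until they expire, which `token_max_ttl = minutes 30` bounds at 30 minutes. I would add `# Bound at login: policy removals reach live tokens only after expiry (<= token_max_ttl); revoke the role's tokens for immediate effect.` above the attribute. The enclosing attribute set starts outside the hunk, so that it is an AppRole role is inferred from `secret_id_num_uses`.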