ops/vault: allow servers to read their own wireguard keys

This commit is contained in:
Luke Granger-Brown 2023-01-15 19:23:53 +00:00
parent f053953bb6
commit 8731a6a37f

View file

@ -10,6 +10,14 @@ path "kv/metadata/server" {
capabilities = ["list"] capabilities = ["list"]
} }
# Can read secrets for their own Wireguard keys.
path "kv/data/apps/wireguard/{{identity.entity.name}}" {
capabilities = ["read"]
}
path "kv/metadata/apps/wireguard/{{identity.entity.name}}" {
capabilities = ["read"]
}
path "kv/metadata/+" { path "kv/metadata/+" {
capabilities = ["list"] capabilities = ["list"]
} }