diff --git a/ops/vault/cfg/authbackend-oidc.nix b/ops/vault/cfg/authbackend-oidc.nix index da774ee0ff..b98b5e3da1 100644 --- a/ops/vault/cfg/authbackend-oidc.nix +++ b/ops/vault/cfg/authbackend-oidc.nix @@ -7,7 +7,7 @@ oidc_discovery_url = "https://accounts.google.com"; oidc_client_id = "620300851636-6ha1a7t9r4gatrn9gdqa82toem3cbq3b.apps.googleusercontent.com"; - # oidc_client_secret in secrets.nix + oidc_client_secret = "\${data.vault_generic_secret.misc.data[\"oidcAuthToken\"]}"; }; my.authBackend.oidc = { diff --git a/ops/vault/cfg/config.nix b/ops/vault/cfg/config.nix index 0c5473b91e..769a1be9cb 100644 --- a/ops/vault/cfg/config.nix +++ b/ops/vault/cfg/config.nix @@ -2,8 +2,6 @@ { imports = [ - ./secrets.nix - ./policies-raw.nix ./policies-app.nix @@ -32,6 +30,10 @@ address = "https://vault.int.lukegb.com"; }; + data.vault_generic_secret.misc = { + path = "kv/misc-input"; + }; + my.apps.pomerium = {}; my.servers.etheroute-lon01.apps = [ "pomerium" ]; }
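Review bot: The client secret referenced by the new `oidc_client_secret` line in authbackend-oidc.nix will still be stored in cleartext in Terraform state, assuming this attribute set is rendered to Terraform as the `data.vault_generic_secret` reference suggests. The Vault provider persists everything a `vault_generic_secret` data source reads, and the auth backend resource records the resolved value as well, so this only moves the secret out of the Nix sources. The same applies to the data source added in the last hunk of config.nix. I would record that next to the line, e.g. `# Resolved by Terraform at apply time (the \${ is escaped so Nix does not interpolate it); the value lands in Terraform state, which must be encrypted and access-restricted.` The enclosing attribute set starts above the hunk, so any other handling of this field is not visible here.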
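Review bot: The `data.vault_generic_secret.misc` block added in config.nix has no comment explaining what must exist at `kv/misc-input`, or that it has to be populated out of band before the first plan now that the `./secrets.nix` import is gone. The data source reads the whole secret at that path, so every key stored there is pulled into the plan, not just `oidcAuthToken`. It is worth keeping only Terraform inputs under this path and limiting the Terraform token's policy to `read` on it. Suggested comment above the block: `# Inputs provisioned by hand in Vault before apply; expected keys: oidcAuthToken (Google OIDC client secret). Keep unrelated secrets out of this path.`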