From fb7e18260aa97be8877180ab2a32cd2b30b0f8ec Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Wed, 16 Mar 2022 00:06:46 +0000
Subject: [PATCH] ops/vault/cfg: where we're going, we don't need secrets.nix
---
 ops/vault/cfg/authbackend-oidc.nix | 2 +-
 ops/vault/cfg/config.nix | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/ops/vault/cfg/authbackend-oidc.nix b/ops/vault/cfg/authbackend-oidc.nix
index da774ee0ff..b98b5e3da1 100644
--- a/ops/vault/cfg/authbackend-oidc.nix
+++ b/ops/vault/cfg/authbackend-oidc.nix
@@ -7,7 +7,7 @@
 oidc_discovery_url = "https://accounts.google.com";
 oidc_client_id = "620300851636-6ha1a7t9r4gatrn9gdqa82toem3cbq3b.apps.googleusercontent.com";
- # oidc_client_secret in secrets.nix
+ oidc_client_secret = "\${data.vault_generic_secret.misc.data[\"oidcAuthToken\"]}";
 };
 my.authBackend.oidc = {
diff --git a/ops/vault/cfg/config.nix b/ops/vault/cfg/config.nix
index 0c5473b91e..769a1be9cb 100644
--- a/ops/vault/cfg/config.nix
+++ b/ops/vault/cfg/config.nix
@@ -2,8 +2,6 @@
 {
 imports = [
- ./secrets.nix
-
 ./policies-raw.nix
 ./policies-app.nix
@@ -32,6 +30,10 @@
 address = "https://vault.int.lukegb.com";
 };
+ data.vault_generic_secret.misc = {
+ path = "kv/misc-input";
+ };
+
 my.apps.pomerium = {};
 my.servers.etheroute-lon01.apps = [ "pomerium" ];
 }
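Review bot: In ops/vault/cfg/authbackend-oidc.nix the new `oidc_client_secret` line has no comment saying where the value comes from or where it ends up, and the comment it replaces was the only pointer to its origin. The escaped `\${…}` looks like a Terraform interpolation, so the generated Nix output would carry only the reference; the resolved secret would still normally be written in plaintext to the Terraform state, both in the data source's `data` map and in the backend's own attribute. I would add above the line `# Resolved at apply time from kv/misc-input (key oidcAuthToken); the value is stored in Terraform state, so keep the state backend encrypted and access-controlled.` The enclosing attribute set starts outside the hunk.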
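Review bot: In ops/vault/cfg/config.nix (second hunk) the new `data.vault_generic_secret.misc` block reads everything under `kv/misc-input`, so every key stored at that path is pulled into the plan and state, not only `oidcAuthToken`, and nothing in the block says so. It also appears to make this configuration depend on a secret held in the same Vault it configures: the path has to be populated before the first apply, and the credential used for the apply needs read access to it. A short comment above the block would record both, e.g. `# Bootstrap inputs, written by hand; keep only values this config consumes here, since every key lands in Terraform state.`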