Commit graph

9 commits

Author SHA1 Message Date
08b68745f0 ops/vault: move policies to token_policies
I want to be able to rescope these policies down in tokend, which means that I
can't have policies attached to the server's *identity*. Instead, we put these
on the approle, which allows us to down-scope all of these.
2022-03-20 11:29:10 +00:00
4020f310ce ops/vault: destroy existing secrets before provisioning a new one 2022-03-20 10:20:25 +00:00
132cb805b3 ops/vault: use wrapping token to protect secret IDs in transit 2022-03-20 10:14:02 +00:00
148e071c21 ops/vault/cfg: add acme-ca 2022-03-16 00:18:47 +00:00
fb7e18260a ops/vault/cfg: where we're going, we don't need secrets.nix 2022-03-16 00:06:46 +00:00
23df8e3b18 ops/vault/cfg: initial configuration 2022-03-14 23:34:33 +00:00
92998b5d36 ops/vault/cfg: init terranix stuff 2022-03-14 21:29:15 +00:00
8c6c7af3f7 ops/vault: add reissue-secret-id utility 2022-03-14 21:28:16 +00:00
7c418666fe ops/nixos: add some vault-agent setup 2022-01-23 23:38:40 +00:00