7 commits

Author SHA1 Message Date
86f193d44a secretsmgr: add bare hostnames everywhere 2023-05-26 17:39:01 +01:00
9aa6298df4 ssh-ca: also sign for otter-acoustic.ts.net 2023-03-12 03:53:42 +00:00
2536214734 deluge: migrate auth file to vault 2022-04-09 20:59:11 +01:00
dbaabf1295 vault: deployer should be allowed to read nix-daemon secrets 2022-03-24 22:20:44 +00:00
7592e76a31 tokend: init
tokend is responsible for issuing service-scoped tokens based on the token held
and generated by the Vault Agent.

It can also generate "server-user" scoped tokens, which exist for convenience's
sake: they are not a strong attestation of the user on the machine, and have
limited privileges compared to a Vault token issued using e.g. `vault login
-method=oidc`.
2022-03-20 17:47:52 +00:00
08b68745f0 ops/vault: move policies to token_policies
I want to be able to rescope these policies down in tokend, which means that I
can't have policies attached to the server's *identity*. Instead, we put these
on the approle instead, which allows us to down-scope all of these.
2022-03-20 11:29:10 +00:00
23df8e3b18 ops/vault/cfg: initial configuration 2022-03-14 23:34:33 +00:00