depot/ops/vault/cfg/authbackend-oidc.nix


# Module that configures Vault's OIDC login backend, with Google as the
# identity provider. It takes no module arguments (`{ ... }:` ignores them all)
# and only sets two option trees: a `vault_jwt_auth_backend` resource and the
# project-specific `my.authBackend.oidc` entry.
{ ... }:
{
# Resource of type `vault_jwt_auth_backend` named `oidc`.
# NOTE(review): neither `type` nor `path` is set in this block; presumably the
# `my.authBackend.oidc` entry below supplies them - confirm against that
# module, since the provider defaults would otherwise apply.
resource.vault_jwt_auth_backend.oidc = {
# Role applied when a login request does not name one. The role itself is
# defined outside this file.
# NOTE(review): with Google as the issuer, any Google account can complete the
# OIDC flow, so access control rests on that role's bound claims / allowed
# domains - verify they restrict logins to the intended identities.
default_role = "user";
# Provider option: carry the Vault namespace in the OIDC `state` parameter
# rather than as a separate query parameter on the callback.
namespace_in_state = true;
# Issuer whose OIDC discovery document Vault uses to find endpoints and keys.
oidc_discovery_url = "https://accounts.google.com";
# OAuth client ID registered with Google. This is a public identifier, not a
# credential; the matching secret is the next attribute.
oidc_client_id = "620300851636-6ha1a7t9r4gatrn9gdqa82toem3cbq3b.apps.googleusercontent.com";
# `\${` is escaped so Nix emits a literal `${...}` instead of interpolating it.
# The client secret is therefore not written in this file; it is read from the
# `oidcAuthToken` key of the `vault_generic_secret.misc` data source.
# NOTE(review): the resolved value will presumably still be recorded in the
# Terraform state - confirm the state is stored and access-controlled as
# secret material.
oidc_client_secret = "\${data.vault_generic_secret.misc.data[\"oidcAuthToken\"]}";
};
# Project-defined option (its module is not visible here): ties the `oidc`
# backend to the resource type above and sets mount tuning.
my.authBackend.oidc = {
resourceType = "vault_jwt_auth_backend";
# Default and maximum lease TTL are both 24h.
# NOTE(review): presumably this caps tokens issued through this mount at 24h
# with no renewal beyond that - confirm how the module applies `tune`.
tune.default_lease_ttl = "24h";
tune.max_lease_ttl = "24h";
};
}