# Mint Vault tokens through the "nomad-server" token role.
# Only "update" (a write to the create endpoint) is granted; nothing in this
# file grants access to the role definition itself. What the issued tokens can
# do is decided by the role's settings, so review those alongside this rule.
path "auth/token/create/nomad-server" {
  capabilities = ["update"]
}

# Mint Vault tokens through the "consul-server" token role.
# Same shape as the nomad-server rule: write-only access to the create
# endpoint, with the resulting token's policies and TTL governed by the role.
path "auth/token/create/consul-server" {
  capabilities = ["update"]
}

# Request a Consul token for the "nomad-server" role.
# NOTE(review): presumably a Consul secrets engine mounted at consul/, where a
# read generates a new credential - confirm the mount and keep the lease TTL
# short.
path "consul/creds/nomad-server" {
  capabilities = ["read"]
}

# Request a Consul token for the "backup" role, used when taking backups.
# NOTE(review): the Consul ACL policy behind this role is not shown here;
# verify it is limited to what a backup needs.
path "consul/creds/backup" {
  capabilities = ["read"]
}

# Issue a certificate for the Consul agent via the "consul-server" PKI role.
# NOTE(review): assumes a PKI engine mounted at pki/consul. The issue endpoint
# hands back a private key together with the certificate, so the names and TTL
# the role permits bound what a holder of this policy can impersonate.
path "pki/consul/issue/consul-server" {
  capabilities = ["update"]
}

# Issue a certificate for the Nomad agent via the "nomad-server" PKI role.
# NOTE(review): assumes a PKI engine mounted at pki/nomad; the role's allowed
# names and TTL are the effective limit on the certificates obtainable here.
path "pki/nomad/issue/nomad-server" {
  capabilities = ["update"]
}

# Request a Nomad token for the "backup" role, used when taking backups.
# NOTE(review): the Nomad ACL policy attached to this role is defined
# elsewhere; confirm it grants no more than the backup job requires.
path "nomad/creds/backup" {
  capabilities = ["read"]
}

# Take a backup of Vault itself: read access to the Raft snapshot endpoint.
# A snapshot is a copy of the cluster's entire storage, so this is the most
# sensitive grant in the file. Treat tokens carrying this policy, and the
# snapshot files they produce, as high-value material and audit their use.
# NOTE(review): this file combines backup access with token creation and
# certificate issuance; consider a dedicated backup policy so one token does
# not hold all of these.
path "sys/storage/raft/snapshot" {
  capabilities = ["read"]
}