Grant access to /certs of all services

2023-12-09 23:05:41 +01:00 · 2023-12-09 23:05:41 +01:00 · c54f412228
parent ee3cb24a67
commit c54f412228
2 changed files with 3 additions and 3 deletions
--- a/variables.yml
+++ b/variables.yml
@ -5,7 +5,7 @@ acme:
  instance: acme-to-vault

  # The Docker image to use
-  image: danielberteaud/acme-to-vault:23.11-2
+  image: danielberteaud/acme-to-vault:23.12-1

  # If a cron expression is defined, the service will stay running and renew certs.
  # If an empty string, the container will exit after running once
--- a/vault/policies/acme-to-vault.hcl
+++ b/vault/policies/acme-to-vault.hcl
@ -1,7 +1,7 @@
-path "[[ .vault.prefix ]]kv/data/service/traefik/certs/*" {
+path "[[ .vault.prefix ]]kv/data/service/*/certs/*" {
  capabilities = ["read","create","update"]
 }
-path "[[ .vault.prefix ]]kv/metadata/service/traefik/certs" {
+path "[[ .vault.prefix ]]kv/metadata/service/*/certs" {
  capabilities = ["list","read"]
 }