# Read secrets from vault KV
# Grants "read" on this one exact path only: there is no glob and no "list"
# capability, so sibling paths under /kv/data/service/ are not covered.
# NOTE(review): the "data/" segment suggests a KV version 2 mount named "kv" -
# confirm; on KV v2, listing and metadata live under "metadata/" and would need
# their own stanza if ever required.
# NOTE(review): Vault policy paths are conventionally written without a leading
# "/" - confirm the leading slash is accepted by the Vault version in use.
path "/kv/data/service/postgres" {
  capabilities = ["read"]
}
# Get a consul token to access the kv store, where patroni will manage the leader lock
# NOTE(review): presumably a Consul secrets engine mounted at "consul" with a
# role named "postgres" - confirm. This policy only allows requesting a token;
# what the token can do in Consul is decided by the Consul ACL policies attached
# to that role, so check there that it is limited to the key prefix Patroni uses
# and that the lease TTL is short enough for a dynamic credential.
path "/consul/creds/postgres" {
  capabilities = ["read"]
}
# Get a certificate for patroni REST API and Postgres
# Issuing a certificate is a write request, hence "update" rather than "read".
# NOTE(review): presumably a PKI mount at "pki/postgres" with a role named
# "postgres-server" - confirm. The names, SANs and lifetime a holder of this
# policy can obtain are constrained by that role (e.g. allowed_domains, max_ttl),
# not by this stanza, so review the role alongside the policy.
# The issue endpoint returns the private key in the response; treat the response
# as a secret and keep it out of logs.
path "/pki/postgres/issue/postgres-server" {
  capabilities = ["update"]
}