# Read this instance's secrets from the Vault KV store.
# The "data/" segment matches the KV version 2 layout for reading secret data.
# The path is exact (no "*" or "+" wildcard), so this rule covers one secret
# only: nothing below it, and no "metadata/" or list access.
# NOTE(review): the vault.root template value is joined to "kv/" without a
# separator, so it presumably ends with "/" or is empty - confirm.
path "[[ .vault.root ]]kv/data/service/[[ .instance ]]" {
  capabilities = ["read"]
}
# Obtain a Consul token for the Consul KV store, where Patroni manages the
# leader lock.
# Reading a "creds/<name>" path on Vault's Consul secrets engine returns a
# token for the role of that name; here the role is named after the instance.
# NOTE(review): what that token may do in Consul is decided by the Consul
# policies attached to the role, not by this file - check that they are
# limited to the key prefix and sessions Patroni needs.
path "[[ .vault.root ]]consul/creds/[[ .instance ]]" {
  capabilities = ["read"]
}
# Get a certificate for the Patroni REST API and for Postgres.
# Issuing a certificate is a write request to the PKI engine, which is why the
# capability is "update" rather than "read".
# NOTE(review): the names, key usages and lifetime a certificate may carry come
# from the "postgres-server" PKI role, not from this policy - confirm the role
# is restricted to this service's names.
# NOTE(review): $c merges the pg.server, pg and root contexts; presumably the
# earlier arguments win when a key is set in several of them - confirm against
# the template engine's merge function.
[[- $c := merge .pg.server .pg . ]]
path "[[ $c.vault.pki.path ]]/issue/postgres-server" {
  capabilities = ["update"]
}