Adapt to new vault common templates
parent
fe7341b2e3
commit
4f6829a4d0
|
@ -2,7 +2,7 @@
|
|||
|
||||
set -euo pipefail
|
||||
|
||||
vault write database/roles/vaultwarden \
|
||||
vault write /database/roles/vaultwarden \
|
||||
db_name="postgres" \
|
||||
creation_statements="CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; \
|
||||
GRANT \"vaultwarden\" TO \"{{name}}\"; \
|
||||
|
|
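Review bot: The leading slash in `vault write /database/roles/vaultwarden` is unexplained, and the same form appears in the later sections as `path "/kv/data/service/vaultwarden"` in the policy and `secret "/database/creds/vaultwarden"` in the job template. As far as I know the vault CLI, the ACL policy parser and consul-template each strip a leading slash, so these should resolve to the same paths as before, but that depends on three separate normalisations. It is worth confirming after rollout that the rendered policy still grants `read` on exactly the credentials path the job requests. A one-line comment such as `# leading "/" comes from the vault root prefix; the CLI strips it` would keep a later reader from "fixing" it in one place only. The `vault write` command continues past the end of this hunk.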
|
@ -1,7 +1,7 @@
|
|||
path "kv/data/service/vaultwarden" {
|
||||
path "/kv/data/service/vaultwarden" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
path "database/creds/vaultwarden" {
|
||||
path "/database/creds/vaultwarden" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
|
|
@ -153,7 +153,7 @@ job "vaultwarden" {
|
|||
|
||||
template {
|
||||
data = <<_EOT
|
||||
DATABASE_URL=postgresql://{{ with secret "database/creds/vaultwarden" }}{{ .Data.username }}{{ end }}:{{ with secret "database/creds/vaultwarden" }}{{ urlquery .Data.password }}{{ end }}@127.0.0.1:5432/vaultwarden]
|
||||
DATABASE_URL=postgresql://{{ with secret "/database/creds/vaultwarden" }}{{ .Data.username }}{{ end }}:{{ with secret "/database/creds/vaultwarden" }}{{ urlquery .Data.password }}{{ end }}@127.0.0.1:5432/vaultwarden]
|
||||
_EOT
|
||||
destination = "secrets/.db.env"
|
||||
perms = 400
|
||||
|
|
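Review bot: The `DATABASE_URL` line ends with `/vaultwarden]`, and the closing bracket looks stray, since nothing on the line opens one. If it reaches the rendered `secrets/.db.env`, the database name in the URL becomes `vaultwarden]`. Unless it is intentional, the line should end `@127.0.0.1:5432/vaultwarden`. Separately, the password goes through `urlquery` but the username does not, which is only safe while the generated usernames stay URL-safe; the role's username format is not visible here. The `template` block starts and ends outside this hunk.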
|
@ -31,8 +31,8 @@ vaultwarden:
|
|||
# Postgres settings
|
||||
postgres:
|
||||
database: '[[ .instance ]]'
|
||||
user: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
|
||||
password: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
|
||||
user: '{{ with secret "[[ .vault.root ]]database/creds/[[ .instance ]]" }}{{ .Data.username }}{{ end }}'
|
||||
password: '{{ with secret "[[ .vault.root ]]database/creds/[[ .instance ]]" }}{{ .Data.password }}{{ end }}'
|
||||
pooler:
|
||||
mode: session
|
||||
|
||||
|
|
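Review bot: `[[ .vault.root ]]database/creds/[[ .instance ]]` prepends the root to the mount path with no separator, so the value has to end in `/`; the rendered examples earlier on the page show `/database/creds/vaultwarden`, which suggests the default is `/`. The policy template in the next section builds its `path` stanzas the same way. An override without the trailing slash would turn both the secret lookup and the policy grant into a differently named path rather than failing at render time. The definition of `vault.root` is not visible in this hunk, so I cannot tell whether it is normalised. Where it is declared, I would add a comment such as `# vault.root must end with "/" (it is prepended verbatim to kv/ and database/ paths)`.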
|
@ -1,7 +1,7 @@
|
|||
path "[[ .vault.prefix ]]kv/data/service/[[ .instance ]]" {
|
||||
path "[[ .vault.root ]]kv/data/service/[[ .instance ]]" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
path "[[ .vault.prefix ]]database/creds/[[ .instance ]]" {
|
||||
path "[[ .vault.root ]]database/creds/[[ .instance ]]" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
|