This repository was archived by the owner on Jan 13, 2025. It is now read-only.

Commit 83f55d4

author
Christophe - CC4
committed
fix: change registration auth by changing to token auth
1 parent 847e470 commit 83f55d4


3 files changed

+6
-101
lines changed

@@ -1,17 +1,9 @@
1-
resource "vault_auth_backend" "registration-cert" {
2-
path = "registration-cert"
3-
type = "cert"
4-
}
1+
resource "vault_token_auth_backend_role" "registration-token" {
2+
role_name = "registration-token"
53

6-
resource "vault_cert_auth_backend_role" "registration-cert" {
7-
name = "registration-cert"
8-
backend = vault_auth_backend.registration-cert.path
4+
allowed_policies = [vault_policy.devices-policy.name]
5+
renewable = false
96

10-
certificate = vault_pki_secret_backend_intermediate_set_signed.registration_intermediate.certificate
11-
allowed_organizational_units = ["Registration"]
12-
allowed_common_names = ["registration.${var.domain}"]
13-
14-
token_ttl = 300
15-
token_max_ttl = 600
16-
token_policies = [vault_policy.devices-policy.name]
7+
token_ttl = 31536000 # 1 year
8+
token_max_ttl = 31536000 # 1 year
179
}
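Review bot: The new role's `token_ttl = 31536000` and `token_max_ttl = 31536000` let a registration token stay valid for a year, where the removed cert role capped tokens at 300/600 seconds and also required a client certificate with the `Registration` OU and a fixed common name. A token is a bearer credential, so anyone who obtains a copy can use `devices-policy` for its whole lifetime, and `renewable = false` does not shorten that window. Consider a much shorter TTL with a documented rotation and revocation procedure, and narrow where the token can be used, e.g. `token_bound_cidrs = ["<REGISTRATION_SERVICE_CIDR>"]` (placeholder value). A comment above the resource saying who mints these tokens and how they are revoked would also help, since neither is visible in this hunk.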

applications/modules/vault/ca_registration.tf

-49
This file was deleted.

applications/modules/vault/registration.tf

-38
This file was deleted.
