vault: use public OIDC client for CLI localhost redirect support

2026-02-09 19:26:41 +01:00
parent d7f6603620
commit 35a5a91fcf
4 changed files with 5 additions and 20 deletions


@@ -1,10 +1,10 @@
# OIDC authentication backend for Kanidm integration
# Using a public client (no secret) to support CLI localhost redirects
resource "vault_jwt_auth_backend" "oidc" {
path = "oidc"
type = "oidc"
oidc_discovery_url = "https://auth.home.2rjus.net/oauth2/openid/openbao"
oidc_client_id = "openbao"
oidc_client_secret = random_password.auto_secrets["services/openbao/oauth2-client-secret"].result
default_role = "default"
tune {