vault: add OpenBao OIDC integration with Kanidm

2026-02-09 19:20:13 +01:00
parent 2f5a2a4bf1
commit d7f6603620
5 changed files with 127 additions and 0 deletions
--- a/terraform/vault/secrets.tf
+++ b/terraform/vault/secrets.tf
@@ -115,6 +115,12 @@ locals {
      password_length = 64
    }

+    # OpenBao OAuth2 client secret (for Kanidm OIDC)
+    "services/openbao/oauth2-client-secret" = {
+      auto_generate   = true
+      password_length = 64
+    }
+
    # NKey for nixos-exporter NATS cache sharing
    "shared/nixos-exporter/nkey" = {
      auto_generate = false