From ffaf95d109bd42355e39a6dff2f3dfb641dd16fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= <torjus@usit.uio.no>
Date: Fri, 13 Feb 2026 21:27:43 +0100
Subject: [PATCH] terraform: add Vault secret for garage01 environment

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 terraform/vault/secrets.tf   | 6 ++++++
 terraform/vault/variables.tf | 7 +++++++
 2 files changed, 13 insertions(+)

diff --git a/terraform/vault/secrets.tf b/terraform/vault/secrets.tf
index 4ac9ec8..e461a37 100644
--- a/terraform/vault/secrets.tf
+++ b/terraform/vault/secrets.tf
@@ -107,6 +107,12 @@ locals {
       data          = { nkey = var.homelab_deploy_scheduler_nkey }
     }
 
+    # Garage S3 environment (RPC secret + admin token)
+    "hosts/garage01/garage" = {
+      auto_generate = false
+      data          = { env = var.garage_env }
+    }
+
     # Kanidm idm_admin password
     "kanidm/idm-admin-password" = {
       auto_generate   = true
diff --git a/terraform/vault/variables.tf b/terraform/vault/variables.tf
index a0ea1a3..7aae456 100644
--- a/terraform/vault/variables.tf
+++ b/terraform/vault/variables.tf
@@ -88,6 +88,13 @@ variable "nixos_exporter_nkey" {
   sensitive   = true
 }
 
+variable "garage_env" {
+  description = "Garage environment file contents (GARAGE_RPC_SECRET and GARAGE_ADMIN_TOKEN)"
+  type        = string
+  default     = "PLACEHOLDER"
+  sensitive   = true
+}
+
 variable "radarr_api_key" {
   description = "Radarr API key for exportarr metrics"
   type        = string