terraform: add Vault secret for garage01 environment

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

terraform/vault/secrets.tf

@@ -107,6 +107,12 @@ locals {
       data          = { nkey = var.homelab_deploy_scheduler_nkey }
     }
 
+    # Garage S3 environment (RPC secret + admin token)
+    "hosts/garage01/garage" = {
+      auto_generate = false
+      data          = { env = var.garage_env }
+    }
+
     # Kanidm idm_admin password
     "kanidm/idm-admin-password" = {
       auto_generate   = true

terraform/vault/variables.tf

@@ -88,6 +88,13 @@ variable "nixos_exporter_nkey" {
   sensitive   = true
 }
 
+variable "garage_env" {
+  description = "Garage environment file contents (GARAGE_RPC_SECRET and GARAGE_ADMIN_TOKEN)"
+  type        = string
+  default     = "PLACEHOLDER"
+  sensitive   = true
+}
+
 variable "radarr_api_key" {
   description = "Radarr API key for exportarr metrics"
   type        = string