Instead of creating a long-lived Vault token in Terraform (which gets invalidated when Terraform recreates it), monitoring01 now uses its existing AppRole credentials to fetch a fresh token for Prometheus.

Changes:
- Add prometheus-metrics policy to monitoring01's AppRole
- Remove vault_token.prometheus_metrics resource from Terraform
- Remove openbao-token KV secret from Terraform
- Add systemd service to fetch AppRole token on boot
- Add systemd timer to refresh token every 30 minutes

This ensures Prometheus always has a valid token without depending on Terraform state or manual intervention.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
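
An added sketch, not code from this commit, of what a refresh job like the one described has to get right after the AppRole login: check that the returned token carries the prometheus-metrics policy and outlives the 30-minute timer, then swap the token file atomically with owner-only permissions. It assumes the standard `auth` fields of an AppRole login response; the function names and the sample response are constructed.

```python
import json
import os
import tempfile

REFRESH_INTERVAL_S = 30 * 60            # timer period from the commit message
REQUIRED_POLICY = "prometheus-metrics"  # policy name from the commit message

# Constructed sample of an AppRole login response body (not a real token).
SAMPLE_LOGIN = json.dumps({"auth": {
    "client_token": "s.constructed-example",
    "policies": ["default", "prometheus-metrics"],
    "lease_duration": 3600,
}})


def token_from_login(body: str, min_ttl_s: int = REFRESH_INTERVAL_S) -> str:
    """Validate an AppRole login response and return its client token."""
    auth = json.loads(body).get("auth") or {}
    token = auth.get("client_token")
    if not token:
        raise ValueError("login response carries no client_token")
    if REQUIRED_POLICY not in auth.get("policies", []):
        raise ValueError(f"token lacks the {REQUIRED_POLICY} policy")
    # A token that expires before the next timer run leaves Prometheus
    # scraping with a dead token. A lease_duration of 0 is rejected as well;
    # this sketch assumes the role issues tokens with a finite TTL.
    if auth.get("lease_duration", 0) <= min_ttl_s:
        raise ValueError("token TTL does not outlast the refresh interval")
    return token


def write_token(path: str, token: str) -> None:
    """Replace the token file atomically; the file is created mode 0600."""
    directory = os.path.dirname(path) or "."
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".token-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(token)
            fh.flush()
            os.fsync(fh.fileno())
        # Readers see the old token or the new one, never a partial write.
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
```
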