#vault (2021-08)
Discussions related to Hashicorp Vault
2021-08-06
Question: How would you manage vault configuration in a CI/CD pipeline? Every example/tutorial I see shows how to write a single simple policy with a single command, i.e.
vault policy write my-policy ./my-policy.hcl
..but my company’s vault github repo has dozens of .hcl files in multiple subdirectories:
/vault
  /identities
    /roles
      app1.yml
      app2.yml
    /teams
      app1.yml
      app2.yml
  /policies
    /program
      /app1
        app1.hcl
      /app2
        app2.hcl
There’s this whole structure, but I have no idea how a github action, or jenkins pipeline handles it. Does it recursively go through every file in the directory? Can you ask vault to search an entire directory for .hcl policies? Are there any examples or github repos out there that show such a setup?
We manage our vault roles through terraform, like with https://github.com/transcend-io/terraform-vault-role/blob/master/main.tf (not a super generally usable module, but it gets the idea across)
I see - so by adding a separate resource in any number of .tf files, the terraform plan/apply will automatically pick up the vault roles.
So the CI/CD is simply as if it’s any other terraform workspace