Bump chart appVersion

charts/spiffe-vault/Chart.yaml

@@ -21,4 +21,4 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v0.3.0"
+appVersion: "v0.4.0"

example/vault/modules/secrets/main.tf

@@ -0,0 +1,43 @@
+resource "vault_mount" "kv_v2" {
+  path        = var.mount_path
+  type        = "kv-v2"
+  description = var.description
+}
+
+data "vault_policy_document" "fpl" {
+  rule {
+    path         = "${var.mount_path}/*"
+    capabilities = ["read", "list"]
+    description  = "Allow to access the fhir patient list secrets"
+  }
+}
+
+resource "vault_policy" "fpl" {
+  name   = var.mount_path
+  policy = data.vault_policy_document.fpl.hcl
+}
+
+resource "vault_generic_secret" "oidc" {
+  path = "${vault_mount.kv_v2.path}/oidc"
+
+  data_json = <<EOT
+{
+  "clientId": "${var.oidc.client_id}",
+  "clientSecret": "${var.oidc.client_secret}"
+}
+EOT
+}
+
+resource "vault_generic_secret" "gcp" {
+  path = "${vault_mount.kv_v2.path}/gcp"
+
+  data_json = <<EOT
+{
+  "projectId": "${var.gcp.project_id}",
+  "clientId": "${var.gcp.client_id}",
+  "serviceAccountUsername": "${var.gcp.service_account_username}",
+  "privateKeyId": "${var.gcp.private_key_id}",
+  "privateKey": "${replace(var.gcp.private_key, "\n", "\\n")}"
+}
+EOT
+}

example/vault/modules/secrets/outputs.tf

@@ -0,0 +1,3 @@
+output "policy" {
+  value = vault_policy.fpl.name
+}

example/vault/modules/secrets/providers.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 0.14.5"
+  required_providers {
+    vault = {
+      source  = "hashicorp/vault"
+      version = ">=2.22.1"
+    }
+  }
+}

example/vault/modules/secrets/variables.tf

@@ -0,0 +1,35 @@
+variable "mount_path" {
+  type        = string
+  description = "The mount path for the kv secrets engine"
+}
+
+variable "description" {
+  type        = string
+  description = "Description for your kv store"
+}
+
+variable "oidc" {
+  type = object({
+    client_id     = string
+    client_secret = string
+  })
+  sensitive = true
+}
+
+variable "gcp" {
+  type = object({
+    project_id               = string
+    client_id                = string
+    service_account_username = string
+    private_key_id           = string
+    private_key              = string
+  })
+  sensitive = true
+  default = {
+    project_id               = ""
+    client_id                = ""
+    service_account_username = ""
+    private_key_id           = ""
+    private_key              = ""
+  }
+}