disinto-admin/disinto
1
0
Fork 0
Code Issues 15 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Merge pull request 'fix: vault/policies/service-forgejo.hcl: path glob misses exact secret path (#900)' (#916) from fix/issue-900 into main
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/push/nomad-validate Pipeline was successful
Details

Browse source
This commit is contained in:
dev-qwen 2026-04-16 20:22:38 +00:00
commit 3e29a9a61d
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
vault/policies/service-forgejo.hcl
View file

@ -3,13 +3,13 @@
# Read-only access to shared Forgejo secrets (admin password, OAuth client
# config). Attached to the Forgejo Nomad job via workload identity (S2.4).
#
# Scope: kv/disinto/shared/forgejo/* entries owned by the operator and
# Scope: kv/disinto/shared/forgejo entries owned by the operator and
# shared between forgejo + the chat OAuth client (issue #855 lineage).
path "kv/data/disinto/shared/forgejo/*" {
path "kv/data/disinto/shared/forgejo" {
capabilities = ["read"]
}
path "kv/metadata/disinto/shared/forgejo/*" {
path "kv/metadata/disinto/shared/forgejo" {
capabilities = ["list", "read"]
}