fix: vault/policies/service-forgejo.hcl: path glob misses exact secret path (#900)
parent
6dcc36cc8d
commit
98a4f8e362
1 changed files with 3 additions and 3 deletions
|
|
@ -3,13 +3,13 @@
|
|||
# Read-only access to shared Forgejo secrets (admin password, OAuth client
|
||||
# config). Attached to the Forgejo Nomad job via workload identity (S2.4).
|
||||
#
|
||||
# Scope: kv/disinto/shared/forgejo/* — entries owned by the operator and
|
||||
# Scope: kv/disinto/shared/forgejo — entries owned by the operator and
|
||||
# shared between forgejo + the chat OAuth client (issue #855 lineage).
|
||||
|
||||
path "kv/data/disinto/shared/forgejo/*" {
|
||||
path "kv/data/disinto/shared/forgejo" {
|
||||
capabilities = ["read"]
|
||||
}
|
||||
|
||||
path "kv/metadata/disinto/shared/forgejo/*" {
|
||||
path "kv/metadata/disinto/shared/forgejo" {
|
||||
capabilities = ["list", "read"]
|
||||
}
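Review bot: The metadata stanza keeps `list` on what now reads as an exact path, `path "kv/metadata/disinto/shared/forgejo"`; if `forgejo` is a single leaf secret with no children, as the commit title suggests, there is nothing under it to enumerate and the grant is wider than the read-only scope the header comment describes. Consider `capabilities = ["read"]` for that stanza, or dropping the stanza if the Nomad job only ever reads `kv/data/...` (the consumer is not visible on this page). The rendered page has lost its +/- markers, so the exact-path lines are taken as the new side on the strength of the title. It would also help to add a comment next to the Scope line such as `# Exact path only: child paths under forgejo/ are intentionally not granted.` so a later reader does not restore the glob.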
|
||||
|
|
|
|||