Add `setup-approle` to automatically create a Vault AppRole & policy

genesis-community / concourse-genesis-kit

A Genesis Kit for Concourse CI/CD

MIT License

6 stars 13 forks source link

Add `setup-approle` to automatically create a Vault AppRole & policy #38

Closed Proplex closed 6 years ago

Proplex commented 6 years ago

This PR adds a new addon command called setup-approle, which creates an AppRole named genesis-pipelines with the policy genesis-pipelines that grants read access to secret/* and write access to secret/exodus/*. It then adds this information to the Concourse vault path.

In a future version of Genesis (soon), genesis repipe will automatically grab this information from the Vault rather than requiring an operator to extract these creds and place them into ci.yml.

Proplex commented 6 years ago

Feedback addressed! I've changed the Vault paths to use - (on both this PR and the Genesis PR)