From 7948f53d1d763ab743eacdf2cc1725c3b5c460c3 Mon Sep 17 00:00:00 2001
From: Lumpiasty
Date: Sat, 14 Mar 2026 20:12:01 +0100
Subject: [PATCH] add authentik vault policies
---
vault/kubernetes-roles/authentik.yaml | 6 ++++++
vault/policy/authentik.hcl | 3 +++
2 files changed, 9 insertions(+)
create mode 100644 vault/kubernetes-roles/authentik.yaml
create mode 100644 vault/policy/authentik.hcl
diff --git a/vault/kubernetes-roles/authentik.yaml b/vault/kubernetes-roles/authentik.yaml
new file mode 100644
index 0000000..bf99e04
--- /dev/null
+++ b/vault/kubernetes-roles/authentik.yaml
@@ -0,0 +1,6 @@
+bound_service_account_names:
+ - authentik-secret
+bound_service_account_namespaces:
+ - authentik
+token_policies:
+ - authentik
diff --git a/vault/policy/authentik.hcl b/vault/policy/authentik.hcl
new file mode 100644
index 0000000..916bb88
--- /dev/null
+++ b/vault/policy/authentik.hcl
@@ -0,0 +1,3 @@
+path "secret/data/authentik" {
+ capabilities = ["read"]
+}
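Review bot: The new role in vault/kubernetes-roles/authentik.yaml sets neither `token_ttl` nor `token_max_ttl`, so tokens issued to `authentik-secret` fall back to the auth mount or system default lifetime, which is probably longer than this workload needs. It also sets no `audience`, so the role does not check which audience the presented service account JWT was minted for. Assuming the tooling that applies these files passes keys through to the Kubernetes auth role unchanged (not visible in this patch), I would add something like `token_ttl: 1h`, `token_max_ttl: 4h` and `audience: <AUDIENCE_PLACEHOLDER>`. The durations are example values, to be sized to how often the client re-authenticates.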
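Review bot: vault/policy/authentik.hcl has no comment recording that the grant is deliberately limited to one exact path. `secret/data/authentik` matches only that secret and nothing below it, and the `data/` segment suggests a KV v2 mount, so list and metadata access are not included either. A header line such as `# Read-only access to the single KV v2 secret secret/authentik; no sub-paths, no list/metadata.` would make that intent explicit. That makes it less likely that a later edit widens the path to `secret/data/authentik/*` or `secret/*` without review.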