add vault secret of gitea backups

2025-05-12 02:06:46 +02:00
parent 45dfd864e0
commit 9cac367f07
5 changed files with 77 additions and 5 deletions
--- a/vault/kubernetes-roles/backup.yaml
+++ b/vault/kubernetes-roles/backup.yaml
@@ -0,0 +1,6 @@
+bound_service_account_names:
+  - backup
+bound_service_account_namespaces:
+  - gitea
+token_policies:
+  - backup
--- a/vault/policy/backup.hcl
+++ b/vault/policy/backup.hcl
@@ -0,0 +1,7 @@
+path "secret/data/restic" {
+    capabilities = ["read"]
+}
+
+path "secret/data/backblaze" {
+    capabilities = ["read"]
+}