deploy/policy/templates/conjur-secrets.template.sh.yml
#!/bin/bash
set -euo pipefail
cat << EOL
# Should be loaded into root
- !policy
id: secrets
body:
- &variables
- !variable test_secret
- !variable ssh_key
- !variable json_object_secret
- !variable another_test_secret
- !variable var with spaces
- !variable var+with+pluses
- !variable umlaut
- !variable encoded
- !variable url
- !variable username
- !variable password
- !layer users
- !permit
resources: *variables
role: !layer users
privileges: [ read, execute ]
- !grant
role: !layer secrets/users
members:
- !host conjur/authn-k8s/${AUTHENTICATOR_ID}/apps/${APP_NAMESPACE_NAME}/*/*
EOL