From 679d2f3286cb042a348e1f8212cf5e4effd110c9 Mon Sep 17 00:00:00 2001
From: Patrick de Ruiter
Date: Wed, 19 Nov 2025 00:20:23 +0100
Subject: [PATCH] Moved renovate settings and credentials to vault
---
 data.tf | 7 +++----
 main.tf | 6 +++---
 variables.tf | 28 ----------------------------
 3 files changed, 6 insertions(+), 35 deletions(-)
diff --git a/data.tf b/data.tf
index 48c32a7..661d4aa 100644
--- a/data.tf
+++ b/data.tf
@@ -3,7 +3,6 @@ data "vault_generic_secret" "dns" {
 path = "secret/dns"
 }
-# Optional: Get Ansible EDA secrets from Vault (uncomment if needed)
-#data "vault_generic_secret" "ansible_eda" {
-# path = "secret/ansible-eda"
-#}
+data "vault_generic_secret" "renovate" {
+ path = "secret/renovate"
+}
diff --git a/main.tf b/main.tf
index 3554aad..46fc300 100644
--- a/main.tf
+++ b/main.tf
@@ -32,9 +32,9 @@ resource "docker_container" "renovate" {
 # Environment variables for Renovate
 env = concat(
 [
- "RENOVATE_PLATFORM=${var.renovate_platform}",
- "RENOVATE_ENDPOINT=${var.renovate_endpoint}",
- "RENOVATE_TOKEN=${var.renovate_token}",
+ "RENOVATE_PLATFORM=${data.vault_generic_secret.renovate.data["renovate_platform"]}",
+ "RENOVATE_ENDPOINT=${data.vault_generic_secret.renovate.data["renovate_endpoint"]}",
+ "RENOVATE_TOKEN=${data.vault_generic_secret.renovate.data["renovate_token"]}",
 "RENOVATE_GIT_AUTHOR=${var.renovate_git_author}",
 "RENOVATE_AUTODISCOVER=${var.renovate_autodiscover}",
 "LOG_LEVEL=${var.log_level}"
diff --git a/variables.tf b/variables.tf
index 0ef704e..e215c9c 100644
--- a/variables.tf
+++ b/variables.tf
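Review bot: The new `data "vault_generic_secret" "renovate"` block in data.tf carries no comment about where the values it reads end up. Terraform records a data source's attributes in state, so the Renovate token read from `secret/renovate` is still stored there in cleartext after this move. I would add a comment above the block such as `# Values read from secret/renovate are persisted in Terraform state; keep the state backend encrypted and access-restricted.` It would also help to list the keys the secret must contain (`renovate_platform`, `renovate_endpoint`, `renovate_token`), since the variable descriptions that documented them are deleted in this patch.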
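Review bot: The unchanged `"RENOVATE_GIT_AUTHOR=${var.renovate_git_author}"` entry in the `env` list of main.tf still reads `var.renovate_git_author`, but the variables.tf hunk of this same patch deletes that variable's declaration. As far as the patch shows, `terraform validate` will then fail on a reference to an undeclared input variable. Either keep the `renovate_git_author` variable, or read the value from the same secret with `"RENOVATE_GIT_AUTHOR=${data.vault_generic_secret.renovate.data["renovate_git_author"]}",`. Separately, `renovate_platform` loses its `"gitea"` default here; `lookup(data.vault_generic_secret.renovate.data, "renovate_platform", "gitea")` would keep it when the key is absent from the secret. The `docker_container` block starts and ends outside the hunk.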
@@ -52,34 +52,6 @@ variable "create_cname_record" {
 }
 # Renovate Platform Configuration
-variable "renovate_platform" {
- description = "Git platform to use (gitea, github, gitlab, etc.)"
- type = string
- default = "gitea"
-}
-
-variable "renovate_endpoint" {
- description = "API endpoint for the git platform (e.g., https://gitea.example.com/api/v1/)"
- type = string
-}
-
-variable "renovate_token" {
- description = "Personal access token for Renovate bot authentication"
- type = string
- sensitive = true
-}
-
-variable "renovate_git_author" {
- description = "Git author for Renovate commits (e.g., 'Renovate Bot ')"
- type = string
- default = "Renovate Bot "
-}
-
-variable "renovate_username" {
- description = "Username of the Renovate bot account"
- type = string
- default = "renovate-bot"
-}
 variable "renovate_autodiscover" {
 description = "Enable autodiscovery of repositories"