bff for callbacks

2026-03-01 02:04:15 +01:00
parent 709df51512
commit 86eab3bb70
44 changed files with 1563 additions and 25 deletions
--- a/ci/dev/README.md
+++ b/ci/dev/README.md
@@ -65,7 +65,7 @@ Examples:

 Infrastructure (MongoDB, NATS) uses plain `.env.dev` credentials.

-Callbacks, Chain, and TRON run Vault Agent sidecars with AppRole.
+Callbacks, BFF, Chain, and TRON run Vault Agent sidecars with AppRole.
 Set the corresponding `*_VAULT_ROLE_ID` and `*_VAULT_SECRET_ID` values in `.env.dev`.

 ## Network
--- a/ci/dev/vault-agent/bff.hcl
+++ b/ci/dev/vault-agent/bff.hcl
@@ -0,0 +1,21 @@
+vault {
+  address = "http://dev-vault:8200"
+}
+
+auto_auth {
+  method "approle" {
+    mount_path = "auth/approle"
+    config = {
+      role_id_file_path    = "/run/vault/role_id"
+      secret_id_file_path  = "/run/vault/secret_id"
+    }
+  }
+
+  sink "file" {
+    config = {
+      path = "/run/vault/token"
+      mode = 0600
+    }
+  }
+}
+