diff --git a/stacks/n8n/main.tf b/stacks/n8n/main.tf
index 4e4f8de1..fb6b4309 100644
--- a/stacks/n8n/main.tf
+++ b/stacks/n8n/main.tf
@@ -47,6 +47,35 @@ resource "kubernetes_manifest" "external_secret" {
 depends_on = [kubernetes_namespace.n8n]
 }
 
+resource "kubernetes_manifest" "external_secret_claude_agent" {
+ manifest = {
+ apiVersion = "external-secrets.io/v1beta1"
+ kind = "ExternalSecret"
+ metadata = {
+ name = "claude-agent-token"
+ namespace = "n8n"
+ }
+ spec = {
+ refreshInterval = "15m"
+ secretStoreRef = {
+ name = "vault-kv"
+ kind = "ClusterSecretStore"
+ }
+ target = {
+ name = "claude-agent-token"
+ }
+ data = [{
+ secretKey = "api_bearer_token"
+ remoteRef = {
+ key = "claude-agent-service"
+ property = "api_bearer_token"
+ }
+ }]
+ }
+ }
+ depends_on = [kubernetes_namespace.n8n]
+}
+
 resource "kubernetes_persistent_volume_claim" "data_encrypted" {
 wait_until_bound = false
 metadata {
@@ -207,6 +236,19 @@ resource "kubernetes_deployment" "n8n" {
 name = "WEBHOOK_URL"
 value = "https://n8n.viktorbarzin.me"
 }
+ env {
+ name = "CLAUDE_AGENT_API_TOKEN"
+ value_from {
+ secret_key_ref {
+ name = "claude-agent-token"
+ key = "api_bearer_token"
+ }
+ }
+ }
+ env {
+ name = "N8N_BLOCK_ENV_ACCESS_IN_NODE"
+ value = "false"
+ }
 volume_mount {
 name = "data"
 mount_path = "/home/node/.n8n"
diff --git a/stacks/n8n/workflows/diun-upgrade.json b/stacks/n8n/workflows/diun-upgrade.json
index fcb10994..3a3e852d 100644
--- a/stacks/n8n/workflows/diun-upgrade.json
+++ b/stacks/n8n/workflows/diun-upgrade.json
@@ -43,7 +43,7 @@
 "sendHeaders": true,
 "headerParameters": {
 "parameters": [
- {"name": "Authorization", "value": "='Bearer ' + $env.CLAUDE_AGENT_API_TOKEN"},
+ {"name": "Authorization", "value": "=Bearer {{ $env.CLAUDE_AGENT_API_TOKEN }}"},
 {"name": "Content-Type", "value": "application/json"}
 ]
 },
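Review bot: In the first main.tf hunk, `refreshInterval = "15m"` only keeps the Kubernetes Secret `claude-agent-token` in sync with Vault. The deployment hunk in the same file consumes it through `secret_key_ref` as an environment variable, which a container reads once at start-up. A token rotated or revoked in Vault would therefore stay in use by the running n8n pod until it is restarted. I would record that next to the resource, e.g. `# Rotating claude-agent-service in Vault updates this Secret within 15m, but n8n only picks it up after a pod restart`, or tie a rollout to changes of the Secret if the cluster has a mechanism for that.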
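Review bot: Setting `N8N_BLOCK_ENV_ACCESS_IN_NODE` to `"false"` in the second main.tf hunk opens the whole process environment to `$env` in expressions and Code nodes. Everyone who can edit or import a workflow on this instance can then read `CLAUDE_AGENT_API_TOKEN` and any other secret passed to the container as an env var. The setting appears to be needed only so the `Authorization` header in `workflows/diun-upgrade.json` (last hunk) can resolve `$env.CLAUDE_AGENT_API_TOKEN`. Keeping `value = "true"` and moving the bearer token into an n8n Header Auth credential referenced by the HTTP Request node would give the workflow the token without exposing the environment. If env access has to stay on, a comment such as `# $env is readable by every workflow on this instance; do not add further secrets as env vars` belongs on this block; the enclosing `kubernetes_deployment` starts and ends outside the hunk, so any other env secrets it carries are not visible here.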