From a2720f6a4c334abe076c26b8314ace8bf9b4bcaa Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Sun, 15 Mar 2026 18:22:29 +0000 Subject: [PATCH] claude-memory: read DB password from Vault KV instead of tfvars Vault DB engine rotates the password every 24h, so the static tfvars value was stale. Now reads from secret/claude-memory db_password key. --- stacks/claude-memory/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stacks/claude-memory/main.tf b/stacks/claude-memory/main.tf index 6e4cdab2..0e4f1708 100644 --- a/stacks/claude-memory/main.tf +++ b/stacks/claude-memory/main.tf @@ -111,7 +111,7 @@ resource "kubernetes_deployment" "claude-memory" { env { name = "DATABASE_URL" - value = "postgresql://claude_memory:${var.claude_memory_db_password}@${var.postgresql_host}:5432/claude_memory" + value = "postgresql://claude_memory:${data.vault_kv_secret_v2.secrets.data["db_password"]}@${var.postgresql_host}:5432/claude_memory" } env { name = "API_KEY"