recruiter-responder: vault DB role + switch proactive push to Telegram

- stacks/vault/main.tf: register pg-recruiter-responder static role on
  the postgresql connection (7d password rotation). Adds the role to
  allowed_roles and creates vault_database_secret_backend_static_role
  for `recruiter_responder` user.
- stacks/recruiter-responder/main.tf: drop TASK_WEBHOOK_URL env, swap
  TASK_WEBHOOK_TOKEN secret for TELEGRAM_BOT_TOKEN + TELEGRAM_CHAT_ID.
  Updated header doc.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Viktor Barzin 2026-05-15 22:47:45 +00:00 committed by Viktor Barzin
parent 89e9471e87
commit a72590db7d
2 changed files with 15 additions and 8 deletions

@ -577,6 +577,7 @@ resource "vault_database_secret_backend_connection" "postgresql" {
"pg-terraform-state", "pg-payslip-ingest", "pg-job-hunter",
"pg-wealthfolio-sync", "pg-fire-planner",
"pg-postiz", "pg-instagram-poster",
"pg-recruiter-responder",
]
postgresql {
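Review bot: the new "pg-recruiter-responder" entry in allowed_roles repeats by hand the string that the static role further down sets as its `name`, so a typo in either place only surfaces at apply time or when the credential is first read. Consider defining the role names once in a locals block and referencing that from both allowed_roles and each role's `name`. Deriving the list from the role resources themselves would not work, since each role already references this connection's name.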
@ -765,6 +766,14 @@ resource "vault_database_secret_backend_static_role" "pg_instagram_poster" {
rotation_period = 604800
}
resource "vault_database_secret_backend_static_role" "pg_recruiter_responder" {
backend = vault_mount.database.path
db_name = vault_database_secret_backend_connection.postgresql.name
name = "pg-recruiter-responder"
username = "recruiter_responder"
rotation_period = 604800
}
# =============================================================================
# Kubernetes Secrets Engine Dynamic K8s Credentials
# =============================================================================
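Review bot: at `username = "recruiter_responder"`, the static role takes over an existing PostgreSQL user, and nothing in this hunk shows or documents where that user is created. A Vault static role does not create the database user, and Vault rotates the password as soon as the role is created, so anything still holding the previous password stops authenticating. Add a comment above the resource pointing at where the user is provisioned, and consider annotating `rotation_period = 604800` as 7 days, as the commit message does, so the value does not have to be converted by each reader.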