# Least-privilege policy for the External Secrets Operator issue-core pilot.
#
# The matching Kubernetes auth role binds only the ESO service account in the
# external-secrets namespace. ClusterSecretStore usage is separately limited to
# the issue-core namespace.
# Secret payloads for the pilot (the data/ + metadata/ split is presumably a
# KV v2 mount — confirm against the mount config). `read` is the only
# capability granted; Vault denies everything else by default, so ESO can sync
# values but cannot create, update, delete or destroy any version. The trailing
# `*` also matches nested sub-paths under this prefix.
# NOTE(review): the repeated issue-core/issue-core segment is presumably
# <team-or-env>/<app>; verify it matches the mount layout rather than a paste.
path "platform/data/workloads/issue-core/issue-core/*" {
  capabilities = [
    "read",
  ]
}
# Metadata for the same prefix. `list` lets ESO enumerate secret names under
# the prefix (needed only for find-by-name style lookups); `read` returns
# version history and custom_metadata from the metadata endpoint, not secret
# values. No update/delete here, so versions cannot be soft-deleted, destroyed
# or have their max_versions/delete_version_after settings changed.
# NOTE(review): if the pilot only syncs explicitly named keys, `list` is the
# one capability to drop — it turns the policy into a secret-name oracle for
# everything under the prefix.
path "platform/metadata/workloads/issue-core/issue-core/*" {
  capabilities = [
    "list",
    "read",
  ]
}