scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Docs: GCP Project code missing from docs. (#29391)

Browse Source
This commit is contained in:
aphorise
2025-01-28 21:16:47 +01:00
committed by GitHub
parent 87d6876c6c
commit 4fcc547eba
1 changed files with 4 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
website/content/docs/sync/gcpsm.mdx
View File

@@ -294,20 +294,16 @@ beginning of secret names. To prevent Vault from modifying secrets that were not
created by a sync operation, you can use a role binding against the resource
name with the `startsWith` condition:
<CodeBlockConfig hideClipboard>
```
resource.name.startsWith("projects/<project_number>/secrets/vault")
</CodeBlockConfig>
```
To prevent out-of-band overwrites, simply add a negative condition with `!` on any
write-access role bindings not being used by Vault that contain Secret Manager permissions:
<CodeBlockConfig hideClipboard>
```
!(resource.name.startsWith("projects/<project_number>/secrets/vault"))
</CodeBlockConfig>
```
To add conditions to IAM principles in GCP, click "+ADD IAM CONDITION" on the **Assign Roles** screen.