allow specifying the vault jwt token directly

moo-im-a-cow · moo-im-a-cow · commit a6c156e7dab9 · 2025-04-22T15:51:05.000+10:00
diff --git a/vault-jwt/main.tf b/vault-jwt/main.tf
@@ -20,6 +20,13 @@ variable "vault_addr" {
   description = "The address of the Vault server."
 }
 
+variable "vault_jwt_token" {
+  type        = string
+  description = "The JWT token used for authentication with Vault."
+  default     = data.coder_workspace_owner.me.oidc_access_token
+  sensitive   = true
+}
+
 variable "vault_jwt_auth_path" {
   type        = string
   description = "The path to the Vault JWT auth method."
@@ -46,7 +53,7 @@ resource "coder_script" "vault" {
   display_name = "Vault (GitHub)"
   icon         = "/icon/vault.svg"
   script = templatefile("${path.module}/run.sh", {
-    CODER_OIDC_ACCESS_TOKEN : data.coder_workspace_owner.me.oidc_access_token,
+    CODER_OIDC_ACCESS_TOKEN : var.vault_jwt_token,
     VAULT_JWT_AUTH_PATH : var.vault_jwt_auth_path,
     VAULT_JWT_ROLE : var.vault_jwt_role,
     VAULT_CLI_VERSION : var.vault_cli_version,
