...
PlantUML Macro |
---|
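@startuml
' Trust flow: a GitHub Actions workflow authenticates to Vault with a
' GitHub-issued token and is granted read access to a secret.
' The chain is: token claims -> JWT role -> Vault policy -> Vault secret.

' --- Vault side ---------------------------------------------------------
rectangle vault_server as "Vault server" {
  ' JWT auth method that validates tokens issued by GitHub.
  rectangle jwt_auth as "JWT auth method (GitHub)" {
    collections jwt_roles as "JWT roles"
    file jwt_role as "JWT role"
    jwt_roles . jwt_role
  }

  collections vault_policies as "Vault policies"
  file vault_policy as "Vault policy"
  vault_policies . vault_policy

  collections vault_secrets as "Vault secrets"
  file vault_secret as "Vault secret"
  vault_secrets . vault_secret

  ' The only capability shown here is read; anything broader belongs in a
  ' separate policy.
  vault_policy --> vault_secret : allow read
}

' --- GitHub side --------------------------------------------------------
rectangle github as "GitHub infra" {
  file workflow as "Actions workflow"
  node runner as "Actions runner"
  database token_issuer as "Token issuer"
  workflow --> runner
  workflow -> token_issuer

  ' This is the JWT presented to Vault's JWT auth method.
  ' NOTE(review): presumably the Actions OIDC ID token, not the
  ' repository-scoped GITHUB_TOKEN - confirm and consider saying so in the label.
  circle token as "GitHub token"
  token_issuer .> token
  runner -> token
}

' --- Cross-boundary trust decisions --------------------------------------
' The claim match is the only control in this diagram that ties a workflow
' to a policy. A role that matches loosely admits every workflow able to
' obtain a token from the same issuer, so each role should bind claims
' narrowly (e.g. bound_audiences plus bound_claims on repository and ref).
' NOTE(review): the actual bound claims are not shown here - verify them
' against the role definitions.
jwt_role <-- token : match on claims
jwt_role --> vault_policy : map to policy
@enduml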
...