feat(security): add comprehensive security policies and RBAC

- Add security-policies.tf:
  - Strong password policy (12 chars, HIBP check, zxcvbn scoring)
  - Password reuse prevention (last 5 passwords)
  - Brute force protection (reputation policy, 5 attempt threshold)
  - MFA stages: TOTP, WebAuthn/Passkeys, recovery codes
  - MFA validation stage with configurable enforcement
  - Admin-only and MFA-required expression policies

- Add rbac-groups.tf:
  - Media group (Sonarr, Radarr, etc.)
  - Infrastructure group (Grafana, ArgoCD, etc.)
  - Home Automation group (Home Assistant)
  - Group-based access policies

- Fix main.tf: Remove SOPS, use variables for token
- Fix versions.tf: Remove unused SOPS provider
- Update README with security documentation
Data (Clawdbot)
2026-02-02 16:05:04 +00:00
parent 814e41f3f2
commit 9a9a47a6a4
5 changed files with 327 additions and 10 deletions
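The policies and groups the commit message lists, sketched as an added example in the same Terraform/authentik-provider style. This is an editor's illustration, not the repository's security-policies.tf, rbac-groups.tf or main.tf. Resource and attribute names follow the goauthentik/authentik provider documentation as recalled here and should be checked against the pinned ~> 2025.2 provider; the variable names, the "infrastructure" group and the "grafana" application are assumptions. The token is read from a variable marked sensitive, which is what the message says main.tf now does instead of SOPS.

```hcl
# Token supplied out of band (e.g. TF_VAR_authentik_token or an untracked *.tfvars),
# replacing the SOPS-decrypted secret. Variable names are assumed.
variable "authentik_url" {
  type = string
}

variable "authentik_token" {
  type      = string
  sensitive = true # redacts the value in plan/apply output; it is still stored in state
}

provider "authentik" {
  url   = var.authentik_url
  token = var.authentik_token
}

# Strong password policy: minimum length, HIBP breach check, zxcvbn scoring.
resource "authentik_policy_password" "strong" {
  name                    = "strong-password"
  length_min              = 12
  check_static_rules      = true
  check_have_i_been_pwned = true
  hibp_allowed_count      = 0 # any breach hit fails the policy
  check_zxcvbn            = true
  zxcvbn_score_threshold  = 3 # zxcvbn scores 0..4; 3 is "safely unguessable"
  error_message           = "Password is too weak or has appeared in a known breach."
}

# Brute-force protection: the reputation score drops on every failed login and the
# policy fails once it is below the threshold. The threshold is a negative score,
# so "5 attempts" is threshold = -5, not 5.
resource "authentik_policy_reputation" "brute_force" {
  name           = "brute-force-protection"
  check_ip       = true
  check_username = true
  threshold      = -5
}

# Admin-only expression policy (authentik expression language).
resource "authentik_policy_expression" "admin_only" {
  name       = "admin-only"
  expression = "return request.user.is_superuser"
}

# RBAC: an assumed "infrastructure" group bound to an assumed Grafana application,
# so only members of the group pass the application's policy engine.
resource "authentik_group" "infrastructure" {
  name = "infrastructure"
}

resource "authentik_application" "grafana" {
  name = "Grafana"
  slug = "grafana"
}

resource "authentik_policy_binding" "grafana_infra" {
  target = authentik_application.grafana.uuid
  group  = authentik_group.infrastructure.id
  order  = 0
}
```

Marking the variable sensitive only hides it from CLI output; the token still lands in the Terraform state file, so the state backend needs the same access controls the SOPS-encrypted file had.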


@@ -6,9 +6,5 @@ terraform {
source = "goauthentik/authentik"
version = "~> 2025.2"
}
sops = {
source = "carlpett/sops"
version = "~> 1.0"
}
}
}
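Review bot: dropping the carlpett/sops block from required_providers needs two follow-ups that this hunk does not show. First, .terraform.lock.hcl will still pin carlpett/sops until `terraform init` is rerun, so that file should be updated in the same commit (or its absence from the change list explained). Second, the commit message says the token now comes from a variable; since the encrypted-at-rest source is gone, the replacement `variable` block in main.tf should carry `sensitive = true`, and any *.tfvars file holding the token must be listed in .gitignore before it is ever written to disk in the repo. Note also that the extraction has stripped the `-` markers from this hunk; the header `@@ -6,9 +6,5 @@` shows four lines removed, which matches the four-line `sops = { ... }` block, so readers should treat those lines as deleted rather than as surviving context.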