ghndrx/authentik-terraform
1
0
Fork 0
mirror of https://github.com/ghndrx/authentik-terraform.git synced 2026-02-09 22:34:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
authentik-terraform/versions.tf
Data (Clawdbot) 9a9a47a6a4 feat(security): add comprehensive security policies and RBAC 
- Add security-policies.tf:
  - Strong password policy (12 chars, HIBP check, zxcvbn scoring)
  - Password reuse prevention (last 5 passwords)
  - Brute force protection (reputation policy, 5 attempt threshold)
  - MFA stages: TOTP, WebAuthn/Passkeys, recovery codes
  - MFA validation stage with configurable enforcement
  - Admin-only and MFA-required expression policies

- Add rbac-groups.tf:
  - Media group (Sonarr, Radarr, etc.)
  - Infrastructure group (Grafana, ArgoCD, etc.)
  - Home Automation group (Home Assistant)
  - Group-based access policies

- Fix main.tf: Remove SOPS, use variables for token
- Fix versions.tf: Remove unused SOPS provider
- Update README with security documentation
2026-02-02 16:05:04 +00:00

11 lines
166 B
HCL
Raw Permalink Blame History

terraform {
required_version = ">= 1.5.0"
required_providers {
authentik = {
source = "goauthentik/authentik"
version = "~> 2025.2"
}
}
}
Reference in New Issue View Git Blame Copy Permalink