diff --git a/clusters/mycluster-0/flux-system/gotk-sync.yaml b/clusters/mycluster-0/flux-system/gotk-sync.yaml
new file mode 100644
index 00000000..f52dca26
--- /dev/null
+++ b/clusters/mycluster-0/flux-system/gotk-sync.yaml
@@ -0,0 +1,27 @@
+# This manifest was generated by flux. DO NOT EDIT.
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: flux-system
+ namespace: flux-system
+spec:
+ interval: 1m0s
+ ref:
+ branch: chore_vault2openbao
+ secretRef:
+ name: flux-system
+ url: https://github.com/Smana/cloud-native-ref.git
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: flux-system
+ namespace: flux-system
+spec:
+ interval: 10m0s
+ path: ./clusters/mycluster-0
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
diff --git a/clusters/mycluster-0/flux-system/kustomization.yaml b/clusters/mycluster-0/flux-system/kustomization.yaml
new file mode 100644
index 00000000..3842229e
--- /dev/null
+++ b/clusters/mycluster-0/flux-system/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- gotk-components.yaml
+- gotk-sync.yaml
diff --git a/dagger/main.go b/dagger/main.go
index de02875a..7a3a6e4b 100644
--- a/dagger/main.go
+++ b/dagger/main.go
@@ -228,7 +228,7 @@ func (m *CloudNativeRef) Network(
return container, nil
}
-type VaultConfig struct {
+type OpenBaoConfig struct {
Addr string
SkipVerify string
RootTokenUrl string
@@ -237,8 +237,8 @@ type VaultConfig struct {
Container *dagger.Container
}
-// Deploy and configure a Vault instance
-func (m *CloudNativeRef) Vault(
+// Deploy and configure a OpenBao instance
+func (m *CloudNativeRef) OpenBao(
ctx context.Context,
// source is the directory where the Terraform configuration is stored
@@ -251,11 +251,11 @@ func (m *CloudNativeRef) Vault(
// +default="priv.cloud.ogenki.io"
privateDomainName string,
- // openbaoAddr is the Vault address to use
+ // openbaoAddr is the OpenBao address to use
// +optional
openbaoAddr string,
- // openbaoSkipVerify is the Vault skip verify to use
+ // openbaoSkipVerify is the OpenBao skip verify to use
// +optional
// +default="true"
openbaoSkipVerify string,
@@ -264,7 +264,7 @@ func (m *CloudNativeRef) Vault(
// +optional
env []string,
-) (*VaultConfig, error) {
+) (*OpenBaoConfig, error) {
// mount the source directory
container := m.Container.
WithMountedDirectory(fmt.Sprintf("/%s", repoName), source).
@@ -279,19 +279,19 @@ func (m *CloudNativeRef) Vault(
return nil, err
}
- // Set the Vault address
+ // Set the OpenBao address
if openbaoAddr == "" && privateDomainName != "" {
- openbaoAddr = fmt.Sprintf("https://openbao.%s:8200", privateDomainName)
+ openbaoAddr = fmt.Sprintf("https://bao.%s:8200", privateDomainName)
}
- // Apply the Terraform Vault configuration
- openbaoOutput, err := createVault(ctx, container, "apply")
+ // Apply the Terraform OpenBao configuration
+ openbaoOutput, err := createOpenBao(ctx, container, "apply")
if err != nil {
return nil, err
}
- // Retrieve the Vault root token
- rootToken, err := initVault(openbaoOutput, sess)
+ // Retrieve the OpenBao root token
+ rootToken, err := initOpenBao(openbaoOutput, sess)
if err != nil {
return nil, err
}
@@ -306,14 +306,14 @@ func (m *CloudNativeRef) Vault(
WithEnvVariable("HTTP_PROXY", "http://tailscale:1055").
WithEnvVariable("http_proxy", "http://tailscale:1055")
- // Configure the Vault PKI
- _, err = configureVaultPKI(ctx, container, sess, fmt.Sprintf("certificates/%s/root-ca", privateDomainName))
+ // Configure the OpenBao PKI
+ _, err = configureOpenBaoPKI(ctx, container, sess, fmt.Sprintf("certificates/%s/root-ca", privateDomainName))
if err != nil {
return nil, err
}
- // Configure the Vault (policies, auth methods, etc.)
- _, err = configureVault(ctx, container, "apply")
+ // Configure the OpenBao (policies, auth methods, etc.)
+ _, err = configureOpenBao(ctx, container, "apply")
if err != nil {
return nil, err
}
@@ -324,7 +324,7 @@ func (m *CloudNativeRef) Vault(
return nil, err
}
- return &VaultConfig{
+ return &OpenBaoConfig{
Addr: openbaoAddr,
SkipVerify: openbaoSkipVerify,
CertManagerRoleID: string(certManagerAppRole["role_id"]),
@@ -411,11 +411,11 @@ func (m *CloudNativeRef) Bootstrap(
// +default="priv.cloud.ogenki.io"
privateDomainName string,
- // openbaoAddr is the Vault address to use
+ // openbaoAddr is the OpenBao address to use
// +optional
openbaoAddr string,
- // openbaoSkipVerify is the Vault skip verify to use
+ // openbaoSkipVerify is the OpenBao skip verify to use
// +optional
// +default="true"
openbaoSkipVerify string,
@@ -433,16 +433,16 @@ func (m *CloudNativeRef) Bootstrap(
var wg sync.WaitGroup
errChan := make(chan error, 2)
- var openbao *VaultConfig
+ var openbao *OpenBaoConfig
wg.Add(2)
go func() {
defer wg.Done()
var err error
- openbao, err = m.Vault(ctx, source, privateDomainName, openbaoAddr, openbaoSkipVerify, env)
+ openbao, err = m.OpenBao(ctx, source, privateDomainName, openbaoAddr, openbaoSkipVerify, env)
if err != nil {
- errChan <- fmt.Errorf("failed to create Vault resources: %w", err)
+ errChan <- fmt.Errorf("failed to create OpenBao resources: %w", err)
return
}
}()
@@ -469,7 +469,7 @@ func (m *CloudNativeRef) Bootstrap(
WithExec([]string{
"echo",
fmt.Sprintf(
- "VaultAddr: %s\nCertManagerAppRoleId: %s\nEKSGetCredentials: aws eks update-kubeconfig --name %s --alias %s",
+ "OpenBaoAddr: %s\nCertManagerAppRoleId: %s\nEKSGetCredentials: aws eks update-kubeconfig --name %s --alias %s",
openbao.Addr,
openbao.CertManagerRoleID,
eksClusterName,
@@ -495,11 +495,11 @@ func (m *CloudNativeRef) Destroy(
// +default="priv.cloud.ogenki.io"
privateDomainName string,
- // openbaoAddr is the Vault address to use
+ // openbaoAddr is the OpenBao address to use
// +optional
openbaoAddr string,
- // openbaoSkipVerify is the Vault skip verify to use
+ // openbaoSkipVerify is the OpenBao skip verify to use
// +optional
// +default="true"
openbaoSkipVerify string,
@@ -526,9 +526,9 @@ func (m *CloudNativeRef) Destroy(
return err
}
- // Set the Vault address
+ // Set the OpenBao address
if openbaoAddr == "" && privateDomainName != "" {
- openbaoAddr = fmt.Sprintf("https://openbao.%s:8200", privateDomainName)
+ openbaoAddr = fmt.Sprintf("https://bao.%s:8200", privateDomainName)
}
openbaoSecretName := fmt.Sprintf("openbao/%s/tokens/root", repoName)
@@ -560,9 +560,9 @@ func (m *CloudNativeRef) Destroy(
go func() {
defer wg.Done()
- err := destroyVault(ctx, container)
+ err := destroyOpenBao(ctx, container)
if err != nil {
- errChan <- fmt.Errorf("failed to destroy Vault resources: %w", err)
+ errChan <- fmt.Errorf("failed to destroy OpenBao resources: %w", err)
return
}
}()
diff --git a/dagger/openbao.go b/dagger/openbao.go
index 3bfff9c5..b1de395c 100644
--- a/dagger/openbao.go
+++ b/dagger/openbao.go
@@ -91,7 +91,7 @@ else
echo ""
fi
`
- baoSecretName := fmt.Sprintf("bao/%s/tokens/root", repoName)
+ baoSecretName := fmt.Sprintf("openbao/%s/tokens/root", repoName)
output, err := executeScriptOnInstance(sess, instanceID, baoInitScript)
if err != nil {
return "", err
@@ -198,7 +198,7 @@ fi
// configureOpenBao configures the bao cluster
func configureOpenBao(ctx context.Context, ctr *dagger.Container, tfarg string) (map[string]interface{}, error) {
- workDir := fmt.Sprintf("/%s/terraform/bao/management", repoName)
+ workDir := fmt.Sprintf("/%s/terraform/openbao/management", repoName)
_, err := tfRun(ctx, ctr, workDir, tfarg, []string{"-var-file", "variables.tfvars"})
if err != nil {
return nil, fmt.Errorf("failed to configure the bao cluster: %w", err)
@@ -234,7 +234,7 @@ echo "${CERT_MANAGER_ROLE_ID},${CERT_MANAGER_SECRET_ID}"
"role_id": appRoleID,
"secret_id": appRoleSecretID,
}
- err = storeOutputInSecretsManager(sess, fmt.Sprintf("bao/%s/approles/cert-manager", repoName), secretData)
+ err = storeOutputInSecretsManager(sess, fmt.Sprintf("openbao/%s/approles/cert-manager", repoName), secretData)
if err != nil {
return nil, err
}
diff --git a/security/base/cert-manager/openbao-clusterissuer.yaml b/security/base/cert-manager/openbao-clusterissuer.yaml
index 1a029d05..b63452c1 100644
--- a/security/base/cert-manager/openbao-clusterissuer.yaml
+++ b/security/base/cert-manager/openbao-clusterissuer.yaml
@@ -7,11 +7,11 @@ spec:
vault:
server: https://bao.priv.${domain_name}:8200
path: pki_private_issuer/sign/ogenki
- caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN4RENDQWt1Z0F3SUJBZ0lVRmIrdmtPSUdJL3NLL2czVS8zVlNRUHh5bkY4d0NnWUlLb1pJemowRUF3TXcKZWpFTE1Ba0dBMVVFQmhNQ1JsSXhEekFOQmdOVkJBZ01Ca1p5WVc1alpURU9NQXdHQTFVRUJ3d0ZVR0Z5YVhNeApEekFOQmdOVkJBb01CazluWlc1cmFURVBNQTBHQTFVRUF3d0dUMmRsYm10cE1TZ3dKZ1lKS29aSWh2Y05BUWtCCkZobHpiV0ZwYm1VdWEyRm9iRzkxWTJoQWIyZGxibXRwTG1sdk1CNFhEVEkwTURNeU1qQTVOVGd5TTFvWERUSTUKTURNeU16QTVOVGd5TTFvd2dZY3hDekFKQmdOVkJBWVRBa1pTTVE4d0RRWURWUVFJREFaR2NtRnVZMlV4RGpBTQpCZ05WQkFjTUJWQmhjbWx6TVE4d0RRWURWUVFLREFaUFoyVnVhMmt4SERBYUJnTlZCQU1NRTA5blpXNXJhU0JKCmJuUmxjbTFsWkdsaGRHVXhLREFtQmdrcWhraUc5dzBCQ1FFV0dYTnRZV2x1WlM1cllXaHNiM1ZqYUVCdloyVnUKYTJrdWFXOHdkakFRQmdjcWhrak9QUUlCQmdVcmdRUUFJZ05pQUFSYXhIWUxrMXY3RTdvTnI1L0MvSDNpc0RVTQpNOE1QRnNTcGZUMUhLSExjK3VUUkNBRWlWcFFEM21nZEhLR1QvaTVMa3BXWmdFcll6ZXRETDIrcmRUVSszNmFNCjdpSUZwSmpDZWlVYmt1U0RMRnRmMGZVZmx2T3F2akMwamtOZ2Z4dWpnWU13Z1lBd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3RGdZRFZSMFBBUUgvQkFRRApBZ0dtTUIwR0ExVWREZ1FXQkJTVE9EOXdqamVSRG5ZdS8vOWFqOHBUcVpoK1lqQWZCZ05WSFNNRUdEQVdnQlNiCkpJRm5ETmJMZXlKNm5Ld1dGb2x5TkM2ekJUQUtCZ2dxaGtqT1BRUURBd05uQURCa0FqQnZUZHRXVHlBbWtqSlgKTC9udGJLcFljQUhSOG9kaDA0U2c4ZXFHTVJ3RElqUWNOOTNyNW5TK0VYMWlOb29IeFBNQ01GMkd0NlF6ZDYxdgpqWGNZejBQQSs3cE9UdWVZOWoxQ3Nnd2xyV2d5bEQxeXF3WTYxMnVNRkNPQ2t6U24zUDBlc1E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlDaFRDQ0FneWdBd0lCQWdJVVVRaDNzV2JWeXFBS2JHazc2VjdQY0crcFNHd3dDZ1lJS29aSXpqMEVBd013CmVqRUxNQWtHQTFVRUJoTUNSbEl4RHpBTkJnTlZCQWdNQmtaeVlXNWpaVEVPTUF3R0ExVUVCd3dGVUdGeWFYTXgKRHpBTkJnTlZCQW9NQms5blpXNXJhVEVQTUEwR0ExVUVBd3dHVDJkbGJtdHBNU2d3SmdZSktvWklodmNOQVFrQgpGaGx6YldGcGJtVXVhMkZvYkc5MVkyaEFiMmRsYm10cExtbHZNQjRYRFRJME1ETXlNakE1TlRZMU5Gb1hEVE0wCk1ETXlNekE1TlRZMU5Gb3dlakVMTUFrR0ExVUVCaE1DUmxJeER6QU5CZ05WQkFnTUJrWnlZVzVqWlRFT01Bd0cKQTFVRUJ3d0ZVR0Z5YVhNeER6QU5CZ05WQkFvTUJrOW5aVzVyYVRFUE1BMEdBMVVFQXd3R1QyZGxibXRwTVNndwpKZ1lKS29aSWh2Y05BUWtCRmhsemJXRnBibVV1YTJGb2JHOTFZMmhBYjJkbGJtdHBMbWx2TUhZd0VBWUhLb1pJCnpqMENBUVlGSzRFRUFDSURZZ0FFa0E0K1FyVDMwZUlVdGVUVEhaM3YvQ2t5N25NbHZ2S21KcjJsUThtd2NhM0cKckhKNjF0cE9VZ0dOb3pUMHVQSG1Gand2dGZ0VzM0empIOUwwb2FwS01BaC9PdlQwekVvUXFKU2ozdkxzUWNYOQpjVi9rWm8zVlFCR29FWWhnblI5Mm8xTXdVVEFkQmdOVkhRNEVGZ1FVbXlTQlp3eld5M3NpZXB5c0ZoYUpjalF1CnN3VXdId1lEVlIwakJCZ3dGb0FVbXlTQlp3eld5M3NpZXB5c0ZoYUpjalF1c3dVd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QUtCZ2dxaGtqT1BRUURBd05uQURCa0FqQkxMN1IyZEpxendXaGJCdWl4T0k3aUZlVXBGZ2VXSUZIRwpiTExrRERveWFKOWFDWnEzRDdhWnpnSVVoME9PMERzQ01IZUhNRFFYRklMQTdzOThTTEFENU9Ib2didUpaWTdGClFZcGpEVUxybEowQnd1UWFhR0JGYklQd0F1YlQ2OXE3VWc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+ caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN4VENDQWt1Z0F3SUJBZ0lVVkxLT3doMkNBdXFTVmhwdXJlNk9GOEl2Mmpvd0NnWUlLb1pJemowRUF3TXcKZWpFTE1Ba0dBMVVFQmhNQ1JsSXhEekFOQmdOVkJBZ01Ca1p5WVc1alpURU9NQXdHQTFVRUJ3d0ZVR0Z5YVhNeApEekFOQmdOVkJBb01CazluWlc1cmFURVBNQTBHQTFVRUF3d0dUMmRsYm10cE1TZ3dKZ1lKS29aSWh2Y05BUWtCCkZobHpiV0ZwYm1VdWEyRm9iRzkxWTJoQWIyZGxibXRwTG1sdk1CNFhEVEkwTVRFeE9UQTRNRE13TjFvWERUSTUKTVRFeU1EQTRNRE13TjFvd2dZY3hDekFKQmdOVkJBWVRBa1pTTVE4d0RRWURWUVFJREFaR2NtRnVZMlV4RGpBTQpCZ05WQkFjTUJWQmhjbWx6TVE4d0RRWURWUVFLREFaUFoyVnVhMmt4SERBYUJnTlZCQU1NRTA5blpXNXJhU0JKCmJuUmxjbTFsWkdsaGRHVXhLREFtQmdrcWhraUc5dzBCQ1FFV0dYTnRZV2x1WlM1cllXaHNiM1ZqYUVCdloyVnUKYTJrdWFXOHdkakFRQmdjcWhrak9QUUlCQmdVcmdRUUFJZ05pQUFRazQ1YytWTmh1Rk0wZHVyc1dHb3ZqbW5TcQo0eGRZVEI5WTV5RXlyUExwK1NTcmhLb05qaCtDdlRKbW1zbUM1QkdOclBCOXFBMW90WWVXZ0M0RzA0N2Y0UXRvCkxNRHduVEdpV2dNZlNRUjhtRGhqSXpEb1RCUXd2QU5Gb3ZIb3lBaWpnWU13Z1lBd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3RGdZRFZSMFBBUUgvQkFRRApBZ0dtTUIwR0ExVWREZ1FXQkJTdjR2dXV6SDJQeDdNdFNuUnZrMHhuSlhIcklqQWZCZ05WSFNNRUdEQVdnQlJDClZITnZTYm5SRWM0Rkl0N1pJZmp3TGFCak1UQUtCZ2dxaGtqT1BRUURBd05vQURCbEFqQTBnczZIT0syTU1wSzQKRngxem9DN1VZYWMvSUJIZzQ5N1ljaEJGc2lXMEtjVm5Hc1dxeUpmVDFoeTR2M0NZUkNvQ01RQ2ZIaU5XeVBKbAo3Si93ZDB0QS9abFBxY29xMXVLUEZVcHFHUloyVXZIaTUwQWFEbnNwZks2cXMyVWdaVFUrSnBjPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlDaFRDQ0FneWdBd0lCQWdJVUpCVDNoOVZQMWFsay8wQzNuTEllZUM2MWdGb3dDZ1lJS29aSXpqMEVBd013CmVqRUxNQWtHQTFVRUJoTUNSbEl4RHpBTkJnTlZCQWdNQmtaeVlXNWpaVEVPTUF3R0ExVUVCd3dGVUdGeWFYTXgKRHpBTkJnTlZCQW9NQms5blpXNXJhVEVQTUEwR0ExVUVBd3dHVDJkbGJtdHBNU2d3SmdZSktvWklodmNOQVFrQgpGaGx6YldGcGJtVXVhMkZvYkc5MVkyaEFiMmRsYm10cExtbHZNQjRYRFRJME1URXhPVEE0TURFeU4xb1hEVE0wCk1URXlNREE0TURFeU4xb3dlakVMTUFrR0ExVUVCaE1DUmxJeER6QU5CZ05WQkFnTUJrWnlZVzVqWlRFT01Bd0cKQTFVRUJ3d0ZVR0Z5YVhNeER6QU5CZ05WQkFvTUJrOW5aVzVyYVRFUE1BMEdBMVVFQXd3R1QyZGxibXRwTVNndwpKZ1lKS29aSWh2Y05BUWtCRmhsemJXRnBibVV1YTJGb2JHOTFZMmhBYjJkbGJtdHBMbWx2TUhZd0VBWUhLb1pJCnpqMENBUVlGSzRFRUFDSURZZ0FFRElOUzRQUnhRbE1rUVpneVdmd3NiMjE3SnlIazNiZHNEdlkvVmpGQTlReC8KNEthM2k5SnBTS3U4eTJJRngwcldBNDRYVlh4eFZ0WmJLd1hHdjQ0dHFvbklBSG5PSys0WXRkNnlVZXZOOEZ0ZwpmN3B2eTV0blU4Qk0xNlFCOGRGa28xTXdVVEFkQmdOVkhRNEVGZ1FVUWxSemIwbTUwUkhPQlNMZTJTSDQ4QzJnCll6RXdId1lEVlIwakJCZ3dGb0FVUWxSemIwbTUwUkhPQlNMZTJTSDQ4QzJnWXpFd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QUtCZ2dxaGtqT1BRUURBd05uQURCa0FqQldMZGo4WmFFSGlPeTRKT3ZIVlVsMUxWMkhSSUc0d0M5dAp2Nk11TVhxa3FGSElBN1dkaEFWcEF4SUxuR2M1SFk0Q01HMG9QMGlUeFBDRlV4dFpKWFpJenY2WVVtVFRPUHJFCjUxRU8zbVp3bThMakFwQmxuWG1rNmsrQ2MzZnRZOXl6Q1E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
auth:
appRole:
path: approle
- roleId: a927b9fe-616c-09f7-8b60-8fafb99f737f # !! This value changes each time I recreate the whole platform
+ roleId: 053f16c4-9aee-f063-62d3-e09435bfc2f1 # !! This value changes each time I recreate the whole platform
secretRef:
name: cert-manager-openbao-approle
key: secret_id
diff --git a/terraform/eks/README.md b/terraform/eks/README.md
index b5188a94..a100218c 100644
--- a/terraform/eks/README.md
+++ b/terraform/eks/README.md
@@ -104,13 +104,13 @@ tofu destroy --var-file variables.tfvars
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 5.76.0 |
-| [aws.virginia](#provider\_aws.virginia) | 5.76.0 |
+| [aws](#provider\_aws) | ~> 5.0 |
+| [aws.virginia](#provider\_aws.virginia) | ~> 5.0 |
| [flux](#provider\_flux) | 1.4.0 |
-| [helm](#provider\_helm) | 2.16.1 |
-| [http](#provider\_http) | 3.4.5 |
-| [kubectl](#provider\_kubectl) | 2.1.3 |
-| [kubernetes](#provider\_kubernetes) | 2.33.0 |
+| [helm](#provider\_helm) | >= 2.7 |
+| [http](#provider\_http) | >= 3.4 |
+| [kubectl](#provider\_kubectl) | >= 2.0.0 |
+| [kubernetes](#provider\_kubernetes) | >= 2.20 |
## Modules
diff --git a/terraform/network/README.md b/terraform/network/README.md
index d4deec65..eb3f240f 100644
--- a/terraform/network/README.md
+++ b/terraform/network/README.md
@@ -65,8 +65,8 @@ tailscale status
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 5.76.0 |
-| [tailscale](#provider\_tailscale) | 0.17.2 |
+| [aws](#provider\_aws) | ~> 5.0 |
+| [tailscale](#provider\_tailscale) | ~> 0.17 |
## Modules
diff --git a/terraform/openbao/cluster/README.md b/terraform/openbao/cluster/README.md
index ac056e45..160acd34 100644
--- a/terraform/openbao/cluster/README.md
+++ b/terraform/openbao/cluster/README.md
@@ -55,8 +55,8 @@ This architecture balances performance, cost-efficiency, and resilience, embraci
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | 5.76.0 |
-| [cloudinit](#provider\_cloudinit) | 2.3.5 |
+| [aws](#provider\_aws) | ~> 5.0 |
+| [cloudinit](#provider\_cloudinit) | ~> 2.3 |
## Modules
diff --git a/terraform/openbao/management/README.md b/terraform/openbao/management/README.md
index f70850ab..0db3ea9c 100644
--- a/terraform/openbao/management/README.md
+++ b/terraform/openbao/management/README.md
@@ -105,7 +105,7 @@ This repository facilitates the setup of an existing Vault cluster using the Vau
| Name | Version |
|------|---------|
-| [vault](#provider\_vault) | 4.4.0 |
+| [vault](#provider\_vault) | ~> 4.0 |
## Modules