search

UKHomeOffice / vault-sidekick

Vault sidekick
Apache License 2.0
195 stars 62 forks source link

Added request auth token feature #111

Closed walton-io closed 3 years ago

walton-io commented 3 years ago

if --request-token is set vault-sidekick will attempt to request an auth token from vault using

A kubernetes serviceAccountPath "/var/run/secrets/kubernetes.io/serviceaccount/token"

and the following env vars - example values below

vaultAuthPath = getEnv("VAULT_AUTH_PATH", "auth/kubernetes")
vaultAddress  = getEnv("VAULT_ADDR", "http://vault.svc.cluster.local")
vaultRole     = getEnv("VAULT_ROLE", "default")

Will write out two files to 

vaultTokenFilePath      = "/var/run/secrets/vaultproject.io/.vault-token"
vaultAuthFilePath       = "/var/run/secrets/vaultproject.io/.vault-auth"