Allow access_token to be passed to TLSPC / VaaS from playbook

Venafi / vcert

Go client SDK and command line utility designed to simplify integrations by automating key generation and certificate enrollment using Venafi machine identity services.

https://support.venafi.com/hc/en-us/articles/217991528

Apache License 2.0

88 stars 64 forks source link

Allow access_token to be passed to TLSPC / VaaS from playbook #424

Closed BeardedPrincess closed 5 months ago

BeardedPrincess commented 7 months ago

Allow the vCert playbook to specify an access_token for TLSPC. This does not break any existing functionality, or directly allow using an access_token. However, some use-cases have identified the requirement for the use of an API gateway between the client and VaaS, along with the ability to pass a bearer token. This fix allows that functionality for that corner case. Additionally, it prepares us for updates coming to allow "service account" usage for vCert.

rvelaVenafi commented 5 months ago

@BeardedPrincess with the service account feature support, is this PR still valid?

BeardedPrincess commented 5 months ago

Yes, it will still be needed. The use-case is still probably more of an edge case where we need to operate with an API gateway. If you want to reach out I can spend some time explaining the use-case.

The service-account support does mitigate this, but unfortunately, I'm not sure it eliminates it 100%