akeyless-community / terraform-provider-akeyless

Mozilla Public License 2.0

Add login-method OIDC to provider #77

Open DaniRieker opened 11 months ago

DaniRieker commented 11 months ago

We use OIDC for login to the web UI as well as for the CLI. We would like to use the same login method when running Terraform locally. Currently we need to configure an additional id/key based auth-method for each engineer and make sure the permissions match.

Would it be possible to add the oidc login method to the provider and configure it like this:

provider "akeyless" {
  api_gateway_address = "https://api.akeyless.io"

  oidc_login {
    access_id  = "" // get it also from ENV variable AKEYLESS_AUTH_OIDC_ACCESS_ID
    oidc_token = "" // get it also from ENV variable AKEYLESS_AUTH_OIDC_TOKEN
  }
}

I have two ideas in mind for the actual implementation of the authentication:

  1. Use the cached credential from the CLI for the same access_id
  2. Add a second parameter to the oidc_login schema "oidc_token" where the token can be added

chestnutprog commented 5 months ago

+1. BTW, I think it can be more convenient if the provider can read the login state from ~/.akeyless generated by akeyless auth.