devops-rob / target-cli

A CLI tool to manage context profiles for HashiCorp tools
Apache License 2.0
32 stars, 5 forks

vault and oidc usage? #24

Open sereinity opened 10 months ago

sereinity commented 10 months ago

Hello,

I wanted to give the tool a try, and I wonder what a proper usage of it would be when using an OIDC authentication method.

I configured only the endpoint and hit vault login -method=oidc on each context switch; is there a better way?

devops-rob commented 10 months ago

Hi @sereinity. Currently not, unfortunately. What would the ideal UX be for you?

sereinity commented 10 months ago

A quick thought:

```sh
target vault create example-oidc --endpoint=https://example-vault.com:8200 --method=oidc
target vault create example-token --endpoint=https://example-vault.com:8200 --token=mytoken
eval $(target vault select example-oidc)
vault login
vault read …
eval $(target vault select example-token)
vault read …
eval $(target vault select example-oidc)
# no need to log in, as the previous token for this profile is still valid
vault read …
```

Bonus:

Vault should support using a -method from an environment variable, which does not seem to exist right now; a target vault login may help.

Also, target may provide a token helper to store/get/set tokens by profile.
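Added example, not part of the thread or of target-cli: a sketch of the per-profile token helper idea using Vault's external token helper interface, where the CLI runs the program named by `token_helper` in `~/.vault` with a single argument (`get`, `store` or `erase`) and passes the token on stdin for `store`. `TARGET_PROFILE` and `TOKEN_STORE_DIR` are hypothetical variables assumed here, and `sha256sum` from GNU coreutils is assumed to be available.

```shell
#!/bin/sh
# Per-profile Vault token helper (added example, not target-cli code).
# Vault calls it as: helper get | helper store | helper erase

# Assumption: TOKEN_STORE_DIR is a hypothetical override for the store path.
STORE_DIR="${TOKEN_STORE_DIR:-$HOME/.vault-tokens}"

token_path() {
    # Assumption: TARGET_PROFILE is a hypothetical variable exported when a
    # profile is selected; without it the key falls back to VAULT_ADDR.
    key="${TARGET_PROFILE:-${VAULT_ADDR:-default}}"
    # Hash the key so URLs or odd profile names never become path parts.
    name=$(printf '%s' "$key" | sha256sum | cut -d' ' -f1)
    printf '%s/%s' "$STORE_DIR" "$name"
}

token_helper() {
    path=$(token_path)
    case "$1" in
        get)
            # Printing nothing means "no token stored for this profile".
            if [ -f "$path" ]; then cat "$path"; fi
            ;;
        store)
            # Keep the directory and token files private to the owner.
            umask 077
            mkdir -p "$STORE_DIR"
            chmod 700 "$STORE_DIR"
            # Write to a temp file first so a partial token is never read.
            tmp=$(mktemp "$STORE_DIR/.tmp.XXXXXX")
            cat > "$tmp"
            mv "$tmp" "$path"
            ;;
        erase)
            rm -f "$path"
            ;;
        *)
            echo "usage: $0 get|store|erase" >&2
            return 2
            ;;
    esac
}

# Act as a helper only when invoked with an argument.
if [ $# -gt 0 ]; then token_helper "$1"; fi
```

A `VAULT_TOKEN` environment variable takes precedence over any token helper, so a profile that exports a static token would have to unset it when switching back to a helper-backed profile.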

davidusken commented 9 months ago

Just installed this tool and also noticed there was no OIDC method, so +1 for this.