digitalocean / doctl

The official command line interface for the DigitalOcean API.
https://docs.digitalocean.com/reference/doctl/
Apache License 2.0

Support for getting do_token from Vault #933

Open wgebis opened 3 years ago

wgebis commented 3 years ago

What is the problem this feature would solve? Please describe. Currently, after the auth init action, doctl saves a long-lived token for DO resources on the file system (in the config file).

Describe the solution you'd like doctl auth should allow bypassing local storage and getting the desired token from a Vault repository. In that case, short-lived Vault tokens would allow obtaining the long-lived one. Similar features are available for shadowing secrets on well-known cloud providers such as AWS, Azure, etc.

So the desired scenario might look like:

  1. Call doctl auth init to obtain the Vault connection properties.
  2. Call vault login in order to log into Vault (e.g. via an OIDC provider, GitHub, etc.).
  3. Use doctl as usual, but in the background doctl uses the Vault client and honours the default token from ~/.vault-token to get the target DO token.

Additional context This suggestion significantly improves security when doctl is used in a desktop environment. It avoids storing DO tokens locally on the file system.
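The three-step scenario above, written out as an added example in doctl's own language (this is illustration code, not doctl's code and not the issue author's): a small wrapper that reads the short-lived Vault token the way the vault CLI leaves it after `vault login` (VAULT_TOKEN, else ~/.vault-token), reads the long-lived DO token from a KV v2 secret over Vault's HTTP API, and execs doctl with DIGITALOCEAN_ACCESS_TOKEN set, so the DO token is never written to doctl's config file. The mount name `secret`, secret path `doctl` and field `do_token` are assumptions; Vault's official Go client is avoided only to keep the example dependency-free.

```go
// Added example, not doctl's code: resolve the DO API token from Vault at
// run time and hand it to doctl via DIGITALOCEAN_ACCESS_TOKEN.
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
)

// kvV2Response is the part of a KV v2 read response we need:
// GET /v1/<mount>/data/<path> -> {"data":{"data":{...},"metadata":{...}}}
type kvV2Response struct {
	Data struct {
		Data map[string]interface{} `json:"data"`
	} `json:"data"`
}

// ReadVaultToken mirrors the vault CLI's lookup after `vault login`:
// VAULT_TOKEN wins, otherwise the token cached in $HOME/.vault-token.
func ReadVaultToken(home string) (string, error) {
	if t := os.Getenv("VAULT_TOKEN"); t != "" {
		return t, nil
	}
	b, err := os.ReadFile(filepath.Join(home, ".vault-token"))
	if err != nil {
		return "", fmt.Errorf("no Vault token, run `vault login` first: %w", err)
	}
	if t := strings.TrimSpace(string(b)); t != "" {
		return t, nil
	}
	return "", fmt.Errorf("%s is empty", filepath.Join(home, ".vault-token"))
}

// FetchDOToken reads one field of the KV v2 secret at mount/path using the
// short-lived Vault token. Any non-200 (e.g. 403 for an expired token or a
// policy that does not grant the path) is an error: fail closed, never fall
// back to a token stored on disk.
func FetchDOToken(vaultAddr, vaultToken, mount, path, field string) (string, error) {
	url := fmt.Sprintf("%s/v1/%s/data/%s", strings.TrimRight(vaultAddr, "/"), mount, path)
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("X-Vault-Token", vaultToken)
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("vault read %s: HTTP %d", url, resp.StatusCode)
	}
	var out kvV2Response
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return "", err
	}
	tok, _ := out.Data.Data[field].(string)
	if tok == "" {
		return "", fmt.Errorf("secret %s/%s has no string field %q", mount, path, field)
	}
	return tok, nil
}

// doctlEnv inherits the caller's environment minus any stale
// DIGITALOCEAN_ACCESS_TOKEN, then injects the one fetched from Vault.
func doctlEnv(base []string, doToken string) []string {
	env := make([]string, 0, len(base)+1)
	for _, kv := range base {
		if !strings.HasPrefix(kv, "DIGITALOCEAN_ACCESS_TOKEN=") {
			env = append(env, kv)
		}
	}
	return append(env, "DIGITALOCEAN_ACCESS_TOKEN="+doToken)
}

func main() {
	home, _ := os.UserHomeDir()
	vaultToken, err := ReadVaultToken(home)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	addr := os.Getenv("VAULT_ADDR")
	if addr == "" {
		addr = "http://127.0.0.1:8200" // assumed dev-server default
	}
	// Assumed layout: kv-v2 mount "secret", secret "doctl", field "do_token".
	doToken, err := FetchDOToken(addr, vaultToken, "secret", "doctl", "do_token")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// Usage: doctl-vault compute droplet list  (arguments pass straight through)
	cmd := exec.Command("doctl", os.Args[1:]...)
	cmd.Env = doctlEnv(os.Environ(), doToken)
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	if err := cmd.Run(); err != nil {
		os.Exit(1)
	}
}
```

Two caveats worth keeping in mind with this shape: the DO token still exists in the child process's environment for the life of the doctl call (readable by other processes of the same user via /proc), and ~/.vault-token is itself a file, but it is short-lived and scoped by Vault policy, which is the trade the issue asks for. An expired Vault token makes the read fail with HTTP 403 and the wrapper stops there rather than silently reading a token from the config file.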

scotchneat commented 3 years ago

Thank you for the suggestion @wgebis! We welcome your contribution and will certainly consider implementing your suggestion.

Utsavk commented 3 years ago

Can I try to contribute to this issue?

ChiefMateStarbuck commented 3 years ago

Hello @Utsavk! Yes, we are open to all PRs from the community, and will gladly help you get it merged :) Thank you for the interest.

Utsavk commented 3 years ago

Thanks @ChiefMateStarbuck