hashicorp / terraform-provider-vault

Terraform Vault provider
https://www.terraform.io/docs/providers/vault/
Mozilla Public License 2.0

[Enhancement]: Support using a JWT file for auth_login_jwt #2353

Open stevehipwell opened 2 weeks ago

stevehipwell commented 2 weeks ago

Description

I'd like to be able to specify a JWT file rather than the JWT content when I'm configuring Vault.

Affected Resource(s) and/or Data Source(s)

n/a

Potential Terraform Configuration

provider "vault" {
  auth_login_jwt {
    jwt_file = "./jwt"
    mount = "github-actions"
    role  = "my-role"
  }
}

References

No response

Would you like to implement a fix?

None

fairclothjm commented 2 weeks ago

@stevehipwell Hello, there is the env TERRAFORM_VAULT_AUTH_JWT as well as the TF file function. Will either of those work for your use-case?

stevehipwell commented 2 weeks ago

@fairclothjm that env variable is the content again though isn't it? Other providers generally support a file path, that way the token can be refreshed before it expires.

fairclothjm commented 2 weeks ago

Thanks for context! In that case, I think this is a legit feature request. Although, I think the file function could be used here?

stevehipwell commented 2 weeks ago

@fairclothjm we currently use the file function, but that means that the token content needs to be correct when file is called rather than when the token is actually used.