hashicorp / vault-service-broker

The official HashiCorp Vault broker integration to the Open Service Broker API. This service broker provides support for secure secret storage and encryption-as-a-service to HashiCorp Vault.
https://www.vaultproject.io/
Mozilla Public License 2.0

Remove vault http client redefinition #66

Closed tvoran closed 2 years ago

tvoran commented 2 years ago

Allows env variables like VAULT_SKIP_VERIFY to be picked up by the Vault client.

Tested by setting up a Vault server in dev mode with a TLS listener, and setting VAULT_SKIP_VERIFY for the service broker.

# configure Vault with TLS on port 8400
mkcert localhost

cat << EOF >> dev-tls-config.hcl
listener "tcp" {
  address       = "0.0.0.0:8400"
  tls_cert_file = "localhost.pem"
  tls_key_file  = "localhost-key.pem"
}
EOF

vault server -dev -log-level="debug" -dev-ha -dev-transactional -dev-root-token-id=root -config=dev-tls-config.hcl

# setup the broker
export VAULT_ADDR="https://localhost:8400"
export VAULT_TOKEN="root"
export VAULT_SKIP_VERIFY=true
export SECURITY_USER_NAME="vault"
export SECURITY_USER_PASSWORD="broker-secret-password"

go build
./vault-service-broker

Fixes #52
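The behaviour this pull request describes, as an added Go example that is not the broker's or the Vault client's own code: a standard-library-only model showing why a client built from the environment honours `VAULT_SKIP_VERIFY`, while an HTTP client redefined afterwards does not. The names `vaultConfig`, `configFromEnv`, `redefineClient` and `skipVerify` are hypothetical.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"os"
	"strconv"
)

// vaultConfig is a hypothetical stand-in for a Vault client config.
type vaultConfig struct{ HTTPClient *http.Client }

// configFromEnv models a client library deriving TLS settings from VAULT_SKIP_VERIFY.
func configFromEnv() (*vaultConfig, error) {
	tlsCfg := &tls.Config{MinVersion: tls.VersionTLS12}
	if v := os.Getenv("VAULT_SKIP_VERIFY"); v != "" {
		skip, err := strconv.ParseBool(v)
		if err != nil {
			return nil, fmt.Errorf("VAULT_SKIP_VERIFY=%q: %w", v, err)
		}
		tlsCfg.InsecureSkipVerify = skip
	}
	tr := &http.Transport{TLSClientConfig: tlsCfg}
	return &vaultConfig{HTTPClient: &http.Client{Transport: tr}}, nil
}

// redefineClient models a caller swapping in its own HTTP client afterwards,
// which silently discards the environment-derived TLS settings.
func redefineClient(c *vaultConfig) *vaultConfig {
	c.HTTPClient = &http.Client{}
	return c
}

// skipVerify reports whether a client would skip certificate verification.
func skipVerify(c *http.Client) bool {
	t, ok := c.Transport.(*http.Transport)
	return ok && t.TLSClientConfig != nil && t.TLSClientConfig.InsecureSkipVerify
}

func main() {
	os.Setenv("VAULT_SKIP_VERIFY", "true") // constructed sample value
	cfg, err := configFromEnv()
	if err != nil {
		panic(err)
	}
	fmt.Println("env-derived client skips verification:", skipVerify(cfg.HTTPClient))
	fmt.Println("redefined client skips verification:", skipVerify(redefineClient(cfg).HTTPClient))
}
```

The same `skipVerify` inspection can be pointed at any `*http.Client` in a unit test to confirm which TLS verification setting is actually in effect before a service ships.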