Feature request: secrets engine for Cloudflare

[fabiendelpierre]

A secrets engine for creating Cloudflare API tokens seems like a shoe-in for Vault. The engine would work in a way identical to other secrets engine whereby Vault is provided with a highly-privileged API token and accepts requests to create and hand out additional API tokens, given a set of parameters.

Desirable features would correspond to what Cloudflare lets you do when creating an API token:

• Attach one or more pre-baked permissions templates or custom permissions to a token
• Client IP address filtering (control which IP address is allowed to use a Cloudflare API token) (doc)
• TTL (this is probably redundant with Vault's TTL functionality already found in other secrets engines, so using Cloudflare's built-in TTL feature may not be needed, but I thought I'd mention it) (doc)

See also:

• Making API calls
• Cloudflare API for creating API tokens

[FWest98]

https://github.com/mollstam/vault-plugin-secrets-cloudflare-access

This might be of interest. Doesn't seem to be very actively used, but with a little work might satisfy the requirements.