jfrog / vault-plugin-secrets-artifactory

HashiCorp Vault Secrets Plugin for Artifactory
https://jfrog.com
Apache License 2.0

feat: allow setting username/description during rotation #85

Closed TJM closed 1 year ago

TJM commented 1 year ago

This simply allows the optional setting of a username and/or description when rotating the admin token.

It still needs docs and tests.

Basic functionality:

[tmcneely@local artifactory-secrets-plugin]$ vault read artifactory/config/admin
Key                    Value
---                    -----
access_token_sha256    d3edeabe961e3741ae0e1d8795f56e8e6fa1e562e257673c4367e58ef49f9c48
scope                  applied-permissions/admin
token_id               393984a5-2948-4fa6-bd91-49301decdbe4
url                    http://localhost:8082
use_expiring_tokens    false
username               vault-admin
version                7.55.10
[tmcneely@local artifactory-secrets-plugin]$ vault write artifactory/config/rotate username=tommy-dev-vault-admin description="Admin account for vault secrets engine"
Success! Data written to: artifactory/config/rotate
[tmcneely@local artifactory-secrets-plugin]$ vault read artifactory/config/admin
Key                    Value
---                    -----
access_token_sha256    f9c63ee191570be71fabd19ff0b3104e33ad4bc9b6970b4bbdfa05dca21c36b8
scope                  applied-permissions/admin
token_id               a94b7ea8-7588-4810-8853-80809642e002
url                    http://localhost:8082
use_expiring_tokens    false
username               tommy-dev-vault-admin
version                7.55.10
[tmcneely@local artifactory-secrets-plugin]$ curl -H "Authorization: Bearer $ACCESS_TOKEN"  http://localhost:8082/access/api/v1/tokens/a94b7ea8-7588-4810-8853-80809642e002
{
  "token_id" : "a94b7ea8-7588-4810-8853-80809642e002",
  "subject" : "jfac@01gykd5tha8tmk06x1sjmg1seb/users/tommy-dev-vault-admin",
  "issued_at" : 1682391447,
  "issuer" : "jfac@01gykd5tha8tmk06x1sjmg1seb",
  "description" : "Admin account for vault secrets engine",
  "refreshable" : false
}%

NOTE: The token description is stored in the database, but is not in the actual JWT token.

/closes #69
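
An added example, not part of this PR or of the plugin's code: a post-rotation check built on the note above, comparing the claims inside the new token with the metadata returned by `/access/api/v1/tokens/<id>`. The sample token is constructed and unsigned, and the `jti` (token ID) and `sub` (user path) claim names are assumptions about the token layout.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed metadata, shaped like the /access/api/v1/tokens/<id> reply above.
const sampleMeta = `{"token_id":"a94b7ea8-7588-4810-8853-80809642e002",
 "subject":"jfac@01gykd5tha8tmk06x1sjmg1seb/users/tommy-dev-vault-admin",
 "description":"Admin account for vault secrets engine"}`

// sampleToken builds a constructed JWT; "jti" = token ID and "sub" = user path are assumptions.
func sampleToken() string {
	enc := base64.RawURLEncoding.EncodeToString
	payload := `{"sub":"jfac@01gykd5tha8tmk06x1sjmg1seb/users/tommy-dev-vault-admin",` +
		`"jti":"a94b7ea8-7588-4810-8853-80809642e002","iat":1682391447}`
	return enc([]byte(`{"alg":"RS256"}`)) + "." + enc([]byte(payload)) + ".constructed"
}

// checkRotation decodes the JWT payload (signature NOT verified: inspection
// only) and compares it with the stored token metadata.
func checkRotation(token, metaJSON, wantUser string) (issues []string, descInJWT bool, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, false, fmt.Errorf("want 3 JWT segments, got %d", len(parts))
	}
	var claims map[string]interface{}
	var meta struct {
		TokenID string `json:"token_id"`
		Subject string `json:"subject"`
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(raw, &claims) != nil || json.Unmarshal([]byte(metaJSON), &meta) != nil {
		return nil, false, fmt.Errorf("undecodable token payload or metadata")
	}
	if claims["jti"] != meta.TokenID {
		issues = append(issues, "token_id mismatch")
	}
	if claims["sub"] != meta.Subject || !strings.HasSuffix(meta.Subject, "/users/"+wantUser) {
		issues = append(issues, "subject mismatch")
	}
	_, descInJWT = claims["description"] // stays false when the description lives only in the database
	return issues, descInJWT, nil
}

func main() { fmt.Println(checkRotation(sampleToken(), sampleMeta, "tommy-dev-vault-admin")) }
```

Matching on the full `/users/<name>` suffix matters here: the old name `vault-admin` is itself a suffix of `tommy-dev-vault-admin`, so a bare suffix match would accept the wrong account.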

TJM commented 1 year ago

Oops, docs (README) would be good. :)

DONE. Take a look and let me know if any changes are needed.

Thanks, Tommy