joshcorr / SecretManagement.Hashicorp.Vault.KV

A PowerShell SecretManagement extension for Hashicorp Vault Key Value Engine
MIT License
30 stars 10 forks source link

[Feature] Github token authentication #34

Open alxandr-elvia opened 2 years ago

alxandr-elvia commented 2 years ago

Is your feature request related to a problem? Please describe.

Hi. We're using GitHub tokens to authenticate with Vault. I have an old PowerShell script that does the following:

function Get-VaultToken {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true)]
        [string]
        $Address,

        [Parameter(Mandatory = $true)]
        [string]
        $GithubToken
    )

    # Trim a trailing slash so the URI is valid whether or not $Address ends with "/"
    $Uri = "$($Address.TrimEnd('/'))/v1/auth/github/login"
    $Body = @{
        token = $GithubToken
    } | ConvertTo-Json
    $Headers = @{
        "Content-type" = "application/json"
    }

    $Response = Invoke-RestMethod -Method Post -Uri $Uri -Body $Body -Headers $Headers
    $Token = $Response.auth.client_token
    If (!$Token) {
        Throw "Failed to get token from Vault"
    }

    return $Token
}

but I would like to switch to using the secret-management module if possible. I've thought about just using the current Get-VaultToken to get the token and then register with the vault provider, but I'm unsure how long the vault token lives for, so I'm guessing it wouldn't be a particularly good solution.

Describe the solution you'd like

Support GitHub as an authentication method, which uses a provided GitHub token to exchange for a Vault token.

Describe alternatives you've considered

Create a cmdlet that does the Get-VaultToken above, and adds/updates the secret-management vault with the new token.

Additional context
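
On the token-lifetime question raised in this issue, an added example that is not part of the original post or of the module: Vault's login response carries `auth.lease_duration` (TTL in seconds) and `auth.renewable`, so a wrapper can log in again shortly before expiry. `Get-VaultGithubLogin`, `Get-FreshVaultToken` and the script-scoped cache are hypothetical names.

```powershell
# Added example; function names and the cache variable are hypothetical, not part of the module.
$script:VaultTokenCache = $null

function Get-VaultGithubLogin {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)] [string] $Address,
        [Parameter(Mandatory)] [securestring] $GithubToken
    )
    # Unwrap the SecureString only to build the request body.
    $plain = [System.Net.NetworkCredential]::new('', $GithubToken).Password
    $body  = @{ token = $plain } | ConvertTo-Json
    $uri   = "$($Address.TrimEnd('/'))/v1/auth/github/login"

    $resp = Invoke-RestMethod -Method Post -Uri $uri -Body $body -ContentType 'application/json'
    if (-not $resp.auth.client_token) { throw 'Failed to get token from Vault' }

    # auth.lease_duration is the token TTL in seconds; 0 is treated here as "no expiry".
    $ttl = [int]$resp.auth.lease_duration
    [pscustomobject]@{
        Token     = ConvertTo-SecureString $resp.auth.client_token -AsPlainText -Force
        Renewable = [bool]$resp.auth.renewable
        ExpiresAt = if ($ttl -gt 0) { (Get-Date).AddSeconds($ttl) } else { [datetime]::MaxValue }
    }
}

function Get-FreshVaultToken {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)] [string] $Address,
        [Parameter(Mandatory)] [securestring] $GithubToken,
        # Log in again this long before expiry so a token is never used at the edge of its TTL.
        [timespan] $Skew = [timespan]::FromMinutes(5)
    )
    $cached = $script:VaultTokenCache
    if (-not $cached -or (Get-Date) -ge ($cached.ExpiresAt - $Skew)) {
        $cached = Get-VaultGithubLogin -Address $Address -GithubToken $GithubToken
        $script:VaultTokenCache = $cached
    }
    $cached.Token   # SecureString; unwrap only when building the X-Vault-Token header
}
```

Calling `Get-FreshVaultToken` before each batch of Vault operations keeps the GitHub token as the long-lived credential and the Vault token as a short-lived, refreshable one.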