Use Case

I have created a multitenant app in Azure Portal. I'm using the client credentials flow. Now I want to write the client id and secret into Vault once and then generate tokens for different tenants.

Describe the Solution You Would Like

Perfect flow for this case:
vault secrets enable -path=oauth2/azure oauthapp
vault write oauth2/azure/config provider=microsoft_azure_ad client_id=*** client_secret=*** provider_options=tenant=common
# Currently I cannot override the tenant here
vault write oauth2/azure/config/self/org1 scopes=https://graph.microsoft.com/.default provider_options=tenant=<org1_tenant_guid>
# Currently I cannot override the tenant here
vault write oauth2/azure/config/self/org2 scopes=https://graph.microsoft.com/.default provider_options=tenant=<org2_tenant_guid>
vault read oauth2/azure/self/org1
vault read oauth2/azure/self/org2
Describe Alternatives You've Considered

If I could write into a separate path for every tenant.
But then I will need to duplicate my client id and secret for every org.
Please let me know if this solution is OK for you. I could contribute it if you have no time to implement this feature.