How to enable Vault M2M between spinless and robokit:
Get the spinless entity_id (spinless is the service provider (SP)); let it be spinless_entity_id.
Get the robokit entity_id (robokit is the service client, or consumer (SC)); let it be robokit_entity_id.
Before the spinless deploy starts, grant robokit access on all functions. Take the commands in scalecube/m2m-vault-poc/blob/master/grant_access.sh as a reference and execute them against Vault. See the full list of capabilities at https://github.com/jivygroup/exchange/wiki/M2M-authorization. This command must be run by some administrative role, not necessarily with the root Vault token.
Once the grant has been executed, robokit is able to request a token for itself (see the content of scalecube/m2m-vault-poc/blob/master/get_access_token.sh) at this URL:
curl --header "X-Vault-Token: $ENTITY_TOKEN" "$VAULT_ADDR/v1/identity/oidc/token/spinless_entity_id.robokit_entity_id.spinless-operator"
https://github.com/scalecube/m2m-vault-poc/blob/master/README.md PoC for M2M Vault auth
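The token request from the curl command above, as an added Python example (not code from the m2m-vault-poc repository), with client-side checks robokit can run on the result before presenting it to spinless. It assumes Vault's documented response shape for identity/oidc/token (`data.client_id`, `data.token`, `data.ttl`) and the `sub`, `aud` and `exp` claims of a Vault identity token; the function names are hypothetical.

```python
import base64
import json
import time
import urllib.request


def role_name(sp_entity_id, sc_entity_id, role):
    # Naming convention used in the URL above: <SP entity_id>.<SC entity_id>.<role>
    return f"{sp_entity_id}.{sc_entity_id}.{role}"


def fetch_identity_token(vault_addr, entity_token, name, opener=urllib.request.urlopen):
    # GET /v1/identity/oidc/token/<name>; assumed answer: {"data": {"client_id", "token", "ttl"}}
    req = urllib.request.Request(
        f"{vault_addr.rstrip('/')}/v1/identity/oidc/token/{name}",
        headers={"X-Vault-Token": entity_token},
    )
    with opener(req, timeout=10) as resp:
        return json.load(resp)["data"]


def unverified_claims(jwt):
    # Decode the JWT payload for inspection only. This does NOT verify the signature.
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def preflight(data, own_entity_id, now=None):
    # Client-side sanity checks; returns a list of problems (empty list means none found).
    claims = unverified_claims(data["token"])
    now = time.time() if now is None else now
    aud = claims.get("aud")
    problems = []
    if claims.get("sub") != own_entity_id:
        problems.append("sub is not this client's entity_id")
    if data["client_id"] not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not match the role's client_id")
    if claims.get("exp", 0) <= now:
        problems.append("token already expired")
    return problems


if __name__ == "__main__":
    import os
    name = role_name("spinless_entity_id", "robokit_entity_id", "spinless-operator")
    data = fetch_identity_token(os.environ["VAULT_ADDR"], os.environ["ENTITY_TOKEN"], name)
    print(preflight(data, "robokit_entity_id") or "ok")
```

The decoded claims are unverified; checking the token's signature remains the job of the service provider that receives it.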