This project is intended to constantly renew a Vault token derived from a role id

Find a file

Renovate Bot ef346ff65a All checks were successful renovate/stability-days Updates have met minimum release age requirement Details ci(deps): update actions/checkout action to v5.0.1		2025-11-17 16:08:25 +00:00
.github/workflows	ci(deps): update actions/checkout action to v5.0.1	2025-11-17 16:08:25 +00:00
.gitignore	ci: onboard renovate	2025-06-29 22:59:52 +02:00
CONTRIBUTING.md	Add metadata	2017-04-23 19:45:54 +02:00
go.mod	chore(deps): update dependency go to v1.25.4	2025-11-08 00:08:30 +00:00
go.sum	fix(deps): update module github.com/hashicorp/vault/api to v1.22.0	2025-10-03 14:38:27 +00:00
History.md	prepare release v0.5.4	2025-06-29 23:05:53 +02:00
LICENSE	Add metadata	2017-04-23 19:45:54 +02:00
main.go	Rewrite, add support for secret override file	2022-10-18 12:58:07 +02:00
Makefile	Add build env	2017-04-23 20:02:32 +02:00
README.md	Cleanup README	2023-11-29 11:33:50 +01:00
renovate.json	ci: onboard renovate	2025-06-29 22:59:52 +02:00

README.md

Luzifer / vault-user-token

This project is intended to constantly renew a Vault token derived from a role id.

That way the machine only contains a temporary token expiring after a short while if the program is no longer running. So if a machine is lost (physically) the corresponding secret can be revoked and the machine will no longer be able to access the vault instance.

As secret multiple strings are possible:

Full Hostname (--full-hostname=true)
Short Hostname (--full-hostname=false)
Secret from disk (~/.config/vault-user-token.secret, file must have 0o400 or 0o600 permission, content is stripped for whitespaces)