vault-user-token/README.md

# Luzifer / vault-user-token

This project is intended to constantly renew a Vault token derived from a role id.

That way the machine only contains a temporary token expiring after a short while if the program is no longer running. So if a machine is lost (physically) the corresponding secret can be revoked and the machine will no longer be able to access the vault instance.

As secret multiple strings are possible:

- Full Hostname (`--full-hostname=true`)
- Short Hostname (`--full-hostname=false`)
- Secret from disk (`~/.config/vault-user-token.secret`, file must have `0o400` or `0o600` permission, content is stripped for whitespaces)
Add metadata Signed-off-by: Knut Ahlers <knut@ahlers.me> 2017-04-23 17:45:54 +00:00			`# Luzifer / vault-user-token`

			`This project is intended to constantly renew a Vault token derived from a role id.`

			`That way the machine only contains a temporary token expiring after a short while if the program is no longer running. So if a machine is lost (physically) the corresponding secret can be revoked and the machine will no longer be able to access the vault instance.`

Rewrite, add support for secret override file Signed-off-by: Knut Ahlers <knut@ahlers.me> 2022-10-18 10:52:28 +00:00			`As secret multiple strings are possible:`

			- Full Hostname (`--full-hostname=true`)
			- Short Hostname (`--full-hostname=false`)
			- Secret from disk (`~/.config/vault-user-token.secret`, file must have `0o400` or `0o600` permission, content is stripped for whitespaces)