luzifer/vault-user-token
1
0
Fork 0
mirror of https://github.com/Luzifer/vault-user-token.git synced 2025-03-14 20:17:45 +00:00
Code Issues Releases Wiki Activity
This project is intended to constantly renew a Vault token derived from a role id
17 commits 3 branches 8 tags 808 KiB
Go 97.2%
Makefile 2.8%
Find a file
dependabot[bot] 18b64d044a
Bump golang.org/x/net from 0.19.0 to 0.23.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.19.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.19.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-19 12:42:43 +00:00
.github/workflows Replace CI tooling 2023-11-29 11:30:42 +01:00
CONTRIBUTING.md Add metadata 2017-04-23 19:45:54 +02:00
go.mod Bump golang.org/x/net from 0.19.0 to 0.23.0 2024-04-19 12:42:43 +00:00
go.sum Bump golang.org/x/net from 0.19.0 to 0.23.0 2024-04-19 12:42:43 +00:00
History.md prepare release v0.5.0 2023-11-29 11:36:00 +01:00
LICENSE Add metadata 2017-04-23 19:45:54 +02:00
main.go Rewrite, add support for secret override file 2022-10-18 12:58:07 +02:00
Makefile Add build env 2017-04-23 20:02:32 +02:00
README.md Cleanup README 2023-11-29 11:33:50 +01:00

README.md

Luzifer / vault-user-token

This project is intended to constantly renew a Vault token derived from a role id.

That way the machine only contains a temporary token expiring after a short while if the program is no longer running. So if a machine is lost (physically) the corresponding secret can be revoked and the machine will no longer be able to access the vault instance.

As secret multiple strings are possible:

  • Full Hostname (--full-hostname=true)
  • Short Hostname (--full-hostname=false)
  • Secret from disk (~/.config/vault-user-token.secret, file must have 0o400 or 0o600 permission, content is stripped for whitespaces)