luzifer/vault-user-token
1
0
Fork 0
mirror of https://github.com/Luzifer/vault-user-token.git synced 2024-10-18 08:04:21 +00:00
Code Issues Releases Wiki Activity
This project is intended to constantly renew a Vault token derived from a role id
15 commits 2 branches 6 tags 787 KiB
Go 97.2%
Makefile 2.8%
Find a file
Knut Ahlers 3efdaa2a1f
Cleanup README 
Signed-off-by: Knut Ahlers <knut@ahlers.me>
2023-11-29 11:33:50 +01:00
.github/workflows Replace CI tooling 2023-11-29 11:30:42 +01:00
CONTRIBUTING.md Add metadata 2017-04-23 19:45:54 +02:00
go.mod Update dependencies 2023-11-29 11:31:36 +01:00
go.sum Update dependencies 2023-11-29 11:31:36 +01:00
History.md prepare release v0.4.0 2023-11-29 11:25:51 +01:00
LICENSE Add metadata 2017-04-23 19:45:54 +02:00
main.go Rewrite, add support for secret override file 2022-10-18 12:58:07 +02:00
Makefile Add build env 2017-04-23 20:02:32 +02:00
README.md Cleanup README 2023-11-29 11:33:50 +01:00

README.md

Luzifer / vault-user-token

This project is intended to constantly renew a Vault token derived from a role id.

That way the machine only contains a temporary token expiring after a short while if the program is no longer running. So if a machine is lost (physically) the corresponding secret can be revoked and the machine will no longer be able to access the vault instance.

As secret multiple strings are possible:

  • Full Hostname (--full-hostname=true)
  • Short Hostname (--full-hostname=false)
  • Secret from disk (~/.config/vault-user-token.secret, file must have 0o400 or 0o600 permission, content is stripped for whitespaces)