mirror of
https://github.com/Luzifer/vault-user-token.git
synced 2024-12-20 04:41:20 +00:00
This project is intended to constantly renew a Vault token derived from a role id
.github/workflows | ||
CONTRIBUTING.md | ||
go.mod | ||
go.sum | ||
History.md | ||
LICENSE | ||
main.go | ||
Makefile | ||
README.md |
Luzifer / vault-user-token
This project is intended to constantly renew a Vault token derived from a role id.
That way the machine only contains a temporary token expiring after a short while if the program is no longer running. So if a machine is lost (physically) the corresponding secret can be revoked and the machine will no longer be able to access the vault instance.
As secret multiple strings are possible:
- Full Hostname (
--full-hostname=true
) - Short Hostname (
--full-hostname=false
) - Secret from disk (
~/.config/vault-user-token.secret
, file must have0o400
or0o600
permission, content is stripped for whitespaces)