mirror of https://github.com/Luzifer/vault-user-token.git synced 2025-03-14 20:17:45 +00:00

This project is intended to constantly renew a Vault token derived from a role id

Find a file

dependabot[bot] f2cb9c3bd2 Bump golang.org/x/net from 0.0.0-20221017152216-f25eb7ecb193 to 0.7.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20221017152216-f25eb7ecb193 to 0.7.0. - [Release notes](https://github.com/golang/net/releases) - [Commits](https://github.com/golang/net/commits/v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>		2023-02-25 02:37:15 +00:00
.repo-runner.yaml	Add build env	2017-04-23 20:02:32 +02:00
CONTRIBUTING.md	Add metadata	2017-04-23 19:45:54 +02:00
go.mod	Bump golang.org/x/net from 0.0.0-20221017152216-f25eb7ecb193 to 0.7.0	2023-02-25 02:37:15 +00:00
go.sum	Bump golang.org/x/net from 0.0.0-20221017152216-f25eb7ecb193 to 0.7.0	2023-02-25 02:37:15 +00:00
History.md	prepare release v0.3.0	2022-07-02 18:19:01 +02:00
LICENSE	Add metadata	2017-04-23 19:45:54 +02:00
main.go	Rewrite, add support for secret override file	2022-10-18 12:58:07 +02:00
Makefile	Add build env	2017-04-23 20:02:32 +02:00
README.md	Rewrite, add support for secret override file	2022-10-18 12:58:07 +02:00

README.md

Luzifer / vault-user-token

This project is intended to constantly renew a Vault token derived from a role id.

That way the machine only contains a temporary token expiring after a short while if the program is no longer running. So if a machine is lost (physically) the corresponding secret can be revoked and the machine will no longer be able to access the vault instance.

As secret multiple strings are possible:

Full Hostname (--full-hostname=true)
Short Hostname (--full-hostname=false)
Secret from disk (~/.config/vault-user-token.secret, file must have 0o400 or 0o600 permission, content is stripped for whitespaces)