mirror of https://github.com/Luzifer/vault-user-token.git synced 2024-10-18 08:04:21 +00:00

This project is intended to constantly renew a Vault token derived from a role id

Find a file

dependabot[bot] 3531ba3f1d Bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7 Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.5 to 0.7.7. - [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.7.5...v0.7.7) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-retryablehttp dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>		2024-06-24 22:14:47 +00:00
.github/workflows	Replace CI tooling	2023-11-29 11:30:42 +01:00
CONTRIBUTING.md	Add metadata	2017-04-23 19:45:54 +02:00
go.mod	Bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7	2024-06-24 22:14:47 +00:00
go.sum	Bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7	2024-06-24 22:14:47 +00:00
History.md	prepare release v0.5.1	2024-04-19 20:00:00 +02:00
LICENSE	Add metadata	2017-04-23 19:45:54 +02:00
main.go	Rewrite, add support for secret override file	2022-10-18 12:58:07 +02:00
Makefile	Add build env	2017-04-23 20:02:32 +02:00
README.md	Cleanup README	2023-11-29 11:33:50 +01:00

README.md

Luzifer / vault-user-token

This project is intended to constantly renew a Vault token derived from a role id.

That way the machine only contains a temporary token expiring after a short while if the program is no longer running. So if a machine is lost (physically) the corresponding secret can be revoked and the machine will no longer be able to access the vault instance.

As secret multiple strings are possible:

Full Hostname (--full-hostname=true)
Short Hostname (--full-hostname=false)
Secret from disk (~/.config/vault-user-token.secret, file must have 0o400 or 0o600 permission, content is stripped for whitespaces)