luzifer/vault-user-token
1
0
Fork 0
mirror of https://github.com/Luzifer/vault-user-token.git synced 2024-11-08 17:30:06 +00:00
Code Issues Releases Wiki Activity
This project is intended to constantly renew a Vault token derived from a role id
20 commits 1 branch 7 tags 792 KiB
Go 97.2%
Makefile 2.8%
Find a file
Knut Ahlers 075c391096
prepare release v0.5.2
2024-10-29 10:16:34 +01:00
.github/workflows Replace CI tooling 2023-11-29 11:30:42 +01:00
CONTRIBUTING.md Add metadata 2017-04-23 19:45:54 +02:00
go.mod Update Go dependencies 2024-10-29 10:16:11 +01:00
go.sum Update Go dependencies 2024-10-29 10:16:11 +01:00
History.md prepare release v0.5.2 2024-10-29 10:16:34 +01:00
LICENSE Add metadata 2017-04-23 19:45:54 +02:00
main.go Rewrite, add support for secret override file 2022-10-18 12:58:07 +02:00
Makefile Add build env 2017-04-23 20:02:32 +02:00
README.md Cleanup README 2023-11-29 11:33:50 +01:00

README.md

Luzifer / vault-user-token

This project is intended to constantly renew a Vault token derived from a role id.

That way the machine only contains a temporary token expiring after a short while if the program is no longer running. So if a machine is lost (physically) the corresponding secret can be revoked and the machine will no longer be able to access the vault instance.

As secret multiple strings are possible:

  • Full Hostname (--full-hostname=true)
  • Short Hostname (--full-hostname=false)
  • Secret from disk (~/.config/vault-user-token.secret, file must have 0o400 or 0o600 permission, content is stripped for whitespaces)