1
0
Fork 0
mirror of https://github.com/Luzifer/vault-user-token.git synced 2024-11-08 17:30:06 +00:00
vault-user-token/README.md
Knut Ahlers 3efdaa2a1f
Cleanup README
Signed-off-by: Knut Ahlers <knut@ahlers.me>
2023-11-29 11:33:50 +01:00

646 B

Luzifer / vault-user-token

This project is intended to constantly renew a Vault token derived from a role id.

That way the machine only contains a temporary token expiring after a short while if the program is no longer running. So if a machine is lost (physically) the corresponding secret can be revoked and the machine will no longer be able to access the vault instance.

As secret multiple strings are possible:

  • Full Hostname (--full-hostname=true)
  • Short Hostname (--full-hostname=false)
  • Secret from disk (~/.config/vault-user-token.secret, file must have 0o400 or 0o600 permission, content is stripped for whitespaces)