mirror of
https://github.com/Luzifer/vault-user-token.git
synced 2024-12-20 12:51:20 +00:00
11 lines
646 B
Markdown
11 lines
646 B
Markdown
# Luzifer / vault-user-token
|
|
|
|
This project is intended to constantly renew a Vault token derived from a role id.
|
|
|
|
That way the machine only contains a temporary token expiring after a short while if the program is no longer running. So if a machine is lost (physically) the corresponding secret can be revoked and the machine will no longer be able to access the vault instance.
|
|
|
|
As secret multiple strings are possible:
|
|
|
|
- Full Hostname (`--full-hostname=true`)
|
|
- Short Hostname (`--full-hostname=false`)
|
|
- Secret from disk (`~/.config/vault-user-token.secret`, file must have `0o400` or `0o600` permission, content is stripped for whitespaces)
|