1
0
Fork 0
mirror of https://github.com/Luzifer/vault-user-token.git synced 2024-12-26 15:51:21 +00:00
This project is intended to constantly renew a Vault token derived from a role id
Find a file
2024-12-12 11:58:03 +01:00
.github/workflows Replace CI tooling 2023-11-29 11:30:42 +01:00
CONTRIBUTING.md Add metadata 2017-04-23 19:45:54 +02:00
go.mod Update Go dependencies 2024-12-12 11:57:50 +01:00
go.sum Update Go dependencies 2024-12-12 11:57:50 +01:00
History.md prepare release v0.5.3 2024-12-12 11:58:03 +01:00
LICENSE Add metadata 2017-04-23 19:45:54 +02:00
main.go Rewrite, add support for secret override file 2022-10-18 12:58:07 +02:00
Makefile Add build env 2017-04-23 20:02:32 +02:00
README.md Cleanup README 2023-11-29 11:33:50 +01:00

Luzifer / vault-user-token

This project is intended to constantly renew a Vault token derived from a role id.

That way the machine only contains a temporary token expiring after a short while if the program is no longer running. So if a machine is lost (physically) the corresponding secret can be revoked and the machine will no longer be able to access the vault instance.

As secret multiple strings are possible:

  • Full Hostname (--full-hostname=true)
  • Short Hostname (--full-hostname=false)
  • Secret from disk (~/.config/vault-user-token.secret, file must have 0o400 or 0o600 permission, content is stripped for whitespaces)