{"id":20245811,"url":"https://github.com/pranosa/vaultjwtplugin","last_synced_at":"2025-10-08T14:23:51.904Z","repository":{"id":218032598,"uuid":"745266717","full_name":"PranoSA/VaultJWTPlugin","owner":"PranoSA","description":"Vault Plugin That Created Signed JWT with the Configured Per-Engine (Issuer, Audience) and Per Role (Subject) Configuration.","archived":false,"fork":false,"pushed_at":"2024-01-20T07:42:11.000Z","size":50,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-03T15:47:11.134Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PranoSA.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-19T00:55:11.000Z","updated_at":"2024-01-20T02:07:45.000Z","dependencies_parsed_at":null,"dependency_job_id":"a8a2817c-5a4d-4553-a1cf-55af2de13de8","html_url":"https://github.com/PranoSA/VaultJWTPlugin","commit_stats":null,"previous_names":["pranosa/vaultjwtplugin"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/PranoSA/VaultJWTPlugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PranoSA%2FVaultJWTPlugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PranoSA%2FVaultJWTPlugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PranoSA%2FVaultJWTPlugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PranoSA%2FVaultJWTPlugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PranoSA","download_url":"https://codeload.github.com/PranoSA/VaultJWTPlugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PranoSA%2FVaultJWTPlugin/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259301677,"owners_count":22836976,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T09:24:13.864Z","updated_at":"2025-10-08T14:23:46.859Z","avatar_url":"https://github.com/PranoSA.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Plugin Outline \n\n## Per Engine Configuration \n\nConfigure a JWT \"Issuer\"\nAT \n{engine-name}/config/{engine_id}\n\nThis Includes \n[Audience]\n[Issuer]\n[Allowed_Subjects]\n[Default_Token_Exp]\n\n## Per Role Configuration\n\nConfigure a Role \nAT \n{engine-name}/role/{role-name}\nSUCH AS \n[Engine-ID]\n[Subject]\n[MAX_TTL] (DEFAULTS TO Engine)\n[ROLE]\n\n\n## GET Credentials\n{engine-name}/creds/{role-name}\n\n\n## Public Information\n{engine-name}/{engine-id}/public\n\nReturns Public Key IDs Corresponding to Private KEys\n\n## Plugin Data Configuration and Keys\n\n[Engine+Engine-ID]\n    [Issuer]\n    [Audience]\n    [Allowed-Subjects]\n    [Default_Token_Exp]\nEngine-ID+keys:[]\n    [ID]\n    [PRIVATE-KEY] (Deprecated)\n    [PUBLIC-KEY] (Deprecated)\n\nRole+[ROLE-ID]\n    [ENGINE-ID]\n    [Subject]\n    [MAX_TTL]\n    [ROLE]\n\nCredentials\n    Each Lease\n        Has A Keyid\n        And a Token\n    [privkey+uuid]\n    [publickey+uuid]\n\n    Lease Time : Max of Requested_TTL, Engine Configured TTL, Role MAX_TTL\n\n    Renewal -\u003e Sign a New JWT With Initial Lease Options\n\n    Revocation -\u003e Remove the Public Key From Storage -\u003e Just For Now .... Need another way of verifying the Token \n\n\n\n\nExample With Vault Dev:\n    go build -o jwks_plugin\n    cp jwks_plugin /.vault/plugins/plugin\n\n    vault server -dev -dev-plugin-dir=/.vault/plugins\n    export VAULT_ADDR=\"http://127.0.0.1:8200\"\n    vault secrets enable -path=/jwks_plugin -plugin-name=mypugin plugin\n\n    // Set Engine Config, id = cook\n    vault write myplugin/config/cook Allowed_Subjects=\"vault,user,sice\" Issuer=vault Audience=vault TTL=3600\n\n    // Set Config For Role row, subject = bob \n     vault write myplugin/role/row  TTL=1000 Subject=bob EngineId=cook\n\n     // Get Credentials With Read Access\n     vault read myplugin/cred/row  Requested_TTL=20\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpranosa%2Fvaultjwtplugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpranosa%2Fvaultjwtplugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpranosa%2Fvaultjwtplugin/lists"}