{"id":19601465,"url":"https://github.com/stackstorm/st2-auth-backend-vault","last_synced_at":"2025-04-27T17:31:59.048Z","repository":{"id":47751293,"uuid":"254236935","full_name":"StackStorm/st2-auth-backend-vault","owner":"StackStorm","description":"Authentication backend for StackStorm which reads authentication information from HashiCorp Vault service.","archived":false,"fork":false,"pushed_at":"2024-10-21T14:03:03.000Z","size":62,"stargazers_count":1,"open_issues_count":1,"forks_count":3,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-04-05T01:32:26.604Z","etag":null,"topics":["auth","st2","vault"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/StackStorm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-04-09T01:02:41.000Z","updated_at":"2024-10-21T14:03:07.000Z","dependencies_parsed_at":"2024-10-22T00:25:06.273Z","dependency_job_id":null,"html_url":"https://github.com/StackStorm/st2-auth-backend-vault","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StackStorm%2Fst2-auth-backend-vault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StackStorm%2Fst2-auth-backend-vault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StackStorm%2Fst2-auth-backend-vault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/StackStorm%2Fst2-auth-backend-vault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/StackStorm","download_url":"https://codeload.github.com/StackStorm/st2-auth-backend-vault/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251177944,"owners_count":21548133,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","st2","vault"],"created_at":"2024-11-11T09:18:33.276Z","updated_at":"2025-04-27T17:31:58.665Z","avatar_url":"https://github.com/StackStorm.png","language":"Python","readme":"# HashiCorp Vault authentication backend for StackStorm\n\n[![Build Status](https://github.com/StackStorm/st2-auth-backend-vault/actions/workflows/tox.yaml/badge.svg)](https://github.com/StackStorm/st2-auth-backend-vault/actions/workflows/tox.yaml)\n\n## Overview\n\nThe HashiCorp Vault backend checks credentials and authenticates users against a\nHashiCorp Vault instance. Vault itself supports multiple different \n[authentication methods](https://www.vaultproject.io/docs/auth/index.html)\ndetailed in their documentation. This backend can be configured to authenticate\nwith any of the currently available Vault auth methods, however only one Vault \nAuth Method can be configured at a time.\n\n**Supported auth methods:**\n* [app_id](#app_id)\n* [app_role](#app_role)\n* [aws](#aws)\n* [azure](#azure)\n* [gcp](#gcp)\n* [github](#github)\n* [kubernetes](#kubernetes)\n* [ldap](#ldap)\n* [okta](#okta)\n* [radius](#radius)\n* [token](#token)\n* [userpass](#userpass)\n\n## Configuration Options\n\n| option           | required | default | description                                              |\n|------------------|----------|---------|----------------------------------------------------------|\n| vault_url        | true     |         | URL to the Vault API (ex: https://vault.domain.tld:8200) |\n| auth_method      | true     |         | Name of the Vault auth method to use when authenticating |\n| path             | false    | None    | Alternate path/mount-point for the auth method. This is only needed if you did something like `vault auth enable -path=mycustompath userpass`, then you would set this variable equal to `'mycustompath'`. Otherwise the default path for the auth method is used. |\n| ssl_verify       | false    | True    | Verify the SSL server certificates of the Vault server   |\n| ssl_ca_cert      | false    | None    | Filesystem path to the SSL CA cert to use for SSL verification. Specifying this value automatically enables the `ssl_verify` parameter turning on SSL verification. |\n| ssl_client_cert  | false    | None    | Filesystem path to the SSL client certificate to use when communicating with the Vault API. If the client cert is split into a `.cert` and `.key` file then this is the path to the `.cert` file. Otherwise, if you have a bundled certificate and key in a `.pem` file, then this is the path to that `.pem` file. | \n| ssl_client_key   | false    | None    | Filesystem path to the SSL client certificate key to use when communicating with the Vault API. If the client cert is split into a `.cert` and `.key` file then this is the path to the `.key` file. Otherwise, do not specify this parameter |\n\n### Configuration Example\n\nPlease refer to the authentication section in the StackStorm\n[documentation](http://docs.stackstorm.com) for basic setup concept. The\nfollowing is an example of the auth section in the StackStorm configuration file\ncommunicating with the Vault backend using the [userpass](#userpass) auth method.\n\n```\n[auth]\nmode = standalone\nbackend = vault\nbackend_kwargs = {\"vault_url\": \"https://vault.domain.tld:8200\", \"auth_method\": \"userpass\"}\nenable = True\nlogging = /path/to/st2auth.logging.conf\napi_url = https://myhost.example.com:9101\ndebug = False\n```\n\n### \u003ca name=\"app_id\"\u003e\u003c/a\u003e Auth Method: App ID\n\nApp ID is an auth method where you can authenticate using an application\nID and a user ID. For more information on the App ID auth method, see the\n[Vault App ID documentation](https://www.vaultproject.io/docs/auth/app-id.html).\n\nTo utilize this method with StackStorm we will utilize the `username` and `password`\nparameters passed into the `st2auth` service and map them to the following \nparameters for this  auth method:\n\n| st2auth param | App ID param |\n|---------------|--------------|\n| username      | app_id       |\n| password      | user_id      |\n\nHere's an example of authenticating, using this auth method, with a `curl` command:\n\n``` shell\ncurl -k -X POST -u \u003capp_id\u003e:\u003cuser_id\u003e https://stackstorm.domain.tld/auth/v1/tokens\n```\n\nHere's an example of authenticating, using this auth method, with the `st2 login` command:\n\n``` shell\n$ st2 login \u003capp_id\u003e\nPassword: \u003cuser_id\u003e\n```\n\nThe configuration for this auth method will look like the following:\n\n```\n[auth]\nmode = standalone\nbackend = vault\nbackend_kwargs = {\"vault_url\": \"https://vault.domain.tld:8200\", \"auth_method\": \"app_id\"}\nenable = True\nlogging = /path/to/st2auth.logging.conf\napi_url = https://myhost.example.com:9101\ndebug = False\n```\n\n### \u003ca name=\"app_role\"\u003e\u003c/a\u003e Auth Method: App Role\n\nApp Role is an auth method where you can authenticate an application\nwith a Vault-defined role using a generated secret. For more information on the\nApp Role auth method, see the\n[Vault App Role documentation](https://www.vaultproject.io/docs/auth/approle.html).\n\nTo utilize this method with StackStorm we will utilize the `username` and `password`\nparameters passed into the `st2auth` service and map them to the following \nparameters for this  auth method:\n\n| st2auth param | App Role param |\n|---------------|----------------|\n| username      | role_id        |\n| password      | secret_id      |\n\nHere's an example of authenticating, using this auth method, with a `curl` command:\n\n``` shell\ncurl -k -X POST -u \u003crole_id\u003e:\u003csecret_id\u003e https://stackstorm.domain.tld/auth/v1/tokens\n```\n\nHere's an example of authenticating, using this auth method, with the `st2 login` command:\n\n``` shell\n$ st2 login \u003crole_id\u003e\nPassword: \u003csecret_id\u003e\n```\n\nThe configuration for this auth method will look like the following:\n\n```\n[auth]\nmode = standalone\nbackend = vault\nbackend_kwargs = {\"vault_url\": \"https://vault.domain.tld:8200\", \"auth_method\": \"app_role\"}\nenable = True\nlogging = /path/to/st2auth.logging.conf\napi_url = https://myhost.example.com:9101\ndebug = False\n```\n\n### \u003ca name=\"aws\"\u003e\u003c/a\u003e Auth Method: AWS\n\nAWS is an auth method where you can authenticate using AWS IAM access key and secret keys .\nFor more information on the AWS auth method, see the\n[Vault AWS documentation](https://www.vaultproject.io/docs/auth/aws.html).\n\nTo utilize this method with StackStorm we will utilize the `username` and `password`\nparameters passed into the `st2auth` service and map them to the following \nparameters for this  auth method:\n\n| st2auth param | AWS param  |\n|---------------|------------|\n| username      | access_key |\n| password      | secret_key |\n\nHere's an example of authenticating, using this auth method, with a `curl` command:\n\n``` shell\ncurl -k -X POST -u \u003caccess_key\u003e:\u003csecret_key\u003e https://stackstorm.domain.tld/auth/v1/tokens\n```\n\nHere's an example of authenticating, using this auth method, with the `st2 login` command:\n\n``` shell\n$ st2 login \u003caccess_key\u003e\nPassword: \u003csecret_key\u003e\n```\n\nThe configuration for this auth method will look like the following:\n\n```\n[auth]\nmode = standalone\nbackend = vault\nbackend_kwargs = {\"vault_url\": \"https://vault.domain.tld:8200\", \"auth_method\": \"aws\"}\nenable = True\nlogging = /path/to/st2auth.logging.conf\napi_url = https://myhost.example.com:9101\ndebug = False\n```\n\n### \u003ca name=\"azure\"\u003e\u003c/a\u003e Auth Method: Azure\n\nAzure is an auth method where you can authenticate against Azure Active Directory.\nThis works by creating a role in Vault that maps a name to a set of tenant information.\nThe password is a signed JWT token from Azure Active Directory.\nFor more information on the Azure auth method, see the\n[Vault Azure documentation](https://www.vaultproject.io/docs/auth/azure.html).\n\nTo utilize this method with StackStorm we will utilize the `username` and `password`\nparameters passed into the `st2auth` service and map them to the following \nparameters for this  auth method:\n\n| st2auth param | Azure param |\n|---------------|-------------|\n| username      | role_name   |\n| password      | jwt_token   |\n\nHere's an example of authenticating, using this auth method, with a `curl` command:\n\n``` shell\ncurl -k -X POST -u \u003crole_name\u003e:\u003cjwt_token\u003e https://stackstorm.domain.tld/auth/v1/tokens\n```\n\nHere's an example of authenticating, using this auth method, with the `st2 login` command:\n\n``` shell\n$ st2 login \u003crole_name\u003e\nPassword: \u003cjwt_token\u003e\n```\n\nThe configuration for this auth method will look like the following:\n\n```\n[auth]\nmode = standalone\nbackend = vault\nbackend_kwargs = {\"vault_url\": \"https://vault.domain.tld:8200\", \"auth_method\": \"azure\"}\nenable = True\nlogging = /path/to/st2auth.logging.conf\napi_url = https://myhost.example.com:9101\ndebug = False\n```\n\n### \u003ca name=\"gcp\"\u003e\u003c/a\u003e Auth Method: GCP\n\nGCP is an auth method where you can authenticate using Google credentials.\nThis works by creating a role in Vault that maps a name to a set of tenant information.\nThe password is a signed JWT token from the Google authentication entity.\nFor more information on the GCP auth method, see the\n[Vault GCP documentation](https://www.vaultproject.io/docs/auth/gcp.html).\n\nTo utilize this method with StackStorm we will utilize the `username` and `password`\nparameters passed into the `st2auth` service and map them to the following \nparameters for this  auth method:\n\n| st2auth param | GCP param |\n|---------------|-----------|\n| username      | role_name |\n| password      | jwt_token |\n\nHere's an example of authenticating, using this auth method, with a `curl` command:\n\n``` shell\ncurl -k -X POST -u \u003crole_name\u003e:\u003cjwt_token\u003e https://stackstorm.domain.tld/auth/v1/tokens\n```\n\nHere's an example of authenticating, using this auth method, with the `st2 login` command:\n\n``` shell\n$ st2 login \u003crole_name\u003e\nPassword: \u003cjwt_token\u003e\n```\n\nThe configuration for this auth method will look like the following:\n\n```\n[auth]\nmode = standalone\nbackend = vault\nbackend_kwargs = {\"vault_url\": \"https://vault.domain.tld:8200\", \"auth_method\": \"gcp\"}\nenable = True\nlogging = /path/to/st2auth.logging.conf\napi_url = https://myhost.example.com:9101\ndebug = False\n```\n\n### \u003ca name=\"github\"\u003e\u003c/a\u003e Auth Method: GitHub\n\nGitHub is an auth method where you can authenticate using a GitHub token. \nFor more information on the GitHub auth method, see the\n[Vault GitHub documentation](https://www.vaultproject.io/docs/auth/github.html).\n\nTo utilize this method with StackStorm we will utilize the `username` and `password`\nparameters passed into the `st2auth` service and map them to the following \nparameters for this auth method:\n\n\n| st2auth param | GitHub param |\n|---------------|--------------|\n| username      | \u003cunused\u003e     |\n| password      | token        |\n\n**NOTE** In this auth method, the `username` is NOT used. The `password` is\n         used for the GitHub token. Simply pass in any string as the `username`\n         and then the GitHub token as the `password`.\n         \nHere's an example of authenticating, using this auth method, with a `curl` command:\n\n``` shell\ncurl -k -X POST -u unused:\u003ctoken\u003e https://stackstorm.domain.tld/auth/v1/tokens\n```\n\nHere's an example of authenticating, using this auth method, with the `st2 login` command:\n\n``` shell\n$ st2 login unused\nPassword: \u003ctoken\u003e\n```\n\nThe configuration for this auth method will look like the following:\n\n```\n[auth]\nmode = standalone\nbackend = vault\nbackend_kwargs = {\"vault_url\": \"https://vault.domain.tld:8200\", \"auth_method\": \"github\"}\nenable = True\nlogging = /path/to/st2auth.logging.conf\napi_url = https://myhost.example.com:9101\ndebug = False\n```\n\n### \u003ca name=\"kubernetes\"\u003e\u003c/a\u003e Auth Method: Kubernetes\n\nKubernetes is an auth method where you can authenticate against a Kubernetes cluster\nService Account Token.\nThis works by creating a role in Vault that maps a name to the service account information.\nThe password is a signed JWT token for the Kubernetes service account.\nFor more information on the Kubernetes auth method, see the\n[Vault Kubernetes documentation](https://www.vaultproject.io/docs/auth/kubernetes.html).\n\nTo utilize this method with StackStorm we will utilize the `username` and `password`\nparameters passed into the `st2auth` service and map them to the following \nparameters for this  auth method:\n\n| st2auth param | Kubernetes param |\n|---------------|------------------|\n| username      | role_name        |\n| password      | jwt_token        |\n\nHere's an example of authenticating, using this auth method, with a `curl` command:\n\n``` shell\ncurl -k -X POST -u \u003crole_name\u003e:\u003cjwt_token\u003e https://stackstorm.domain.tld/auth/v1/tokens\n```\n\nHere's an example of authenticating, using this auth method, with the `st2 login` command:\n\n``` shell\n$ st2 login \u003crole_name\u003e\nPassword: \u003cjwt_token\u003e\n```\n\nThe configuration for this auth method will look like the following:\n\n```\n[auth]\nmode = standalone\nbackend = vault\nbackend_kwargs = {\"vault_url\": \"https://vault.domain.tld:8200\", \"auth_method\": \"kubernetes\"}\nenable = True\nlogging = /path/to/st2auth.logging.conf\napi_url = https://myhost.example.com:9101\ndebug = False\n```\n\n### \u003ca name=\"ldap\"\u003e\u003c/a\u003e Auth Method: LDAP\n\nLDAP is an auth method where you can authenticate against an existing LDAP\nserver using username and password.\nLDAP binding information is configured within Vault when setting up the auth method.\nFor more information on the LDAP auth method, see the\n[Vault LDAP documentation](https://www.vaultproject.io/docs/auth/ldap.html).\n\nTo utilize this method with StackStorm we will utilize the `username` and `password`\nparameters passed into the `st2auth` service and map them to the following \nparameters for this  auth method:\n\n| st2auth param | LDAP param |\n|---------------|------------|\n| username      | username   |\n| password      | password   |\n\nHere's an example of authenticating, using this auth method, with a `curl` command:\n\n``` shell\ncurl -k -X POST -u \u003cusername\u003e:\u003cpassword\u003e https://stackstorm.domain.tld/auth/v1/tokens\n```\n\nHere's an example of authenticating, using this auth method, with the `st2 login` command:\n\n``` shell\n$ st2 login \u003cusername\u003e\nPassword: \u003cpassword\u003e\n```\n\nThe configuration for this auth method will look like the following:\n\n```\n[auth]\nmode = standalone\nbackend = vault\nbackend_kwargs = {\"vault_url\": \"https://vault.domain.tld:8200\", \"auth_method\": \"ldap\"}\nenable = True\nlogging = /path/to/st2auth.logging.conf\napi_url = https://myhost.example.com:9101\ndebug = False\n```\n\n### \u003ca name=\"okta\"\u003e\u003c/a\u003e Auth Method: Okta\n\nOkta is an auth method where you can authenticate against the Okta authentication\nservice using a username and password.\nOkta account information is configured within Vault when setting up the auth method.\nFor more information on the Okta auth method, see the\n[Vault Okta documentation](https://www.vaultproject.io/docs/auth/okta.html).\n\nTo utilize this method with StackStorm we will utilize the `username` and `password`\nparameters passed into the `st2auth` service and map them to the following \nparameters for this  auth method:\n\n| st2auth param | Okta param |\n|---------------|------------|\n| username      | username   |\n| password      | password   |\n\nHere's an example of authenticating, using this auth method, with a `curl` command:\n\n``` shell\ncurl -k -X POST -u \u003cusername\u003e:\u003cpassword\u003e https://stackstorm.domain.tld/auth/v1/tokens\n```\n\nHere's an example of authenticating, using this auth method, with the `st2 login` command:\n\n``` shell\n$ st2 login \u003cusername\u003e\nPassword: \u003cpassword\u003e\n```\n\nThe configuration for this auth method will look like the following:\n\n```\n[auth]\nmode = standalone\nbackend = vault\nbackend_kwargs = {\"vault_url\": \"https://vault.domain.tld:8200\", \"auth_method\": \"okta\"}\nenable = True\nlogging = /path/to/st2auth.logging.conf\napi_url = https://myhost.example.com:9101\ndebug = False\n```\n\n### \u003ca name=\"radius\"\u003e\u003c/a\u003e Auth Method: RADIUS\n\nRADIUS is an auth method where you can authenticate against an existing RADIUS \nserver that accepts the PAP authentication scheme.\nRADIUS server information is configured within Vault when setting up the auth method.\nFor more information on the Radius auth method, see the\n[Vault Radius documentation](https://www.vaultproject.io/docs/auth/radius.html).\n\nTo utilize this method with StackStorm we will utilize the `username` and `password`\nparameters passed into the `st2auth` service and map them to the following \nparameters for this  auth method:\n\n| st2auth param | RADIUS param |\n|---------------|--------------|\n| username      | username    |\n| password      | password    |\n\nHere's an example of authenticating, using this auth method, with a `curl` command:\n\n``` shell\ncurl -k -X POST -u \u003cusername\u003e:\u003cpassword\u003e https://stackstorm.domain.tld/auth/v1/tokens\n```\n\nHere's an example of authenticating, using this auth method, with the `st2 login` command:\n\n``` shell\n$ st2 login \u003cusername\u003e\nPassword: \u003cpassword\u003e\n```\n\nThe configuration for this auth method will look like the following:\n\n```\n[auth]\nmode = standalone\nbackend = vault\nbackend_kwargs = {\"vault_url\": \"https://vault.domain.tld:8200\", \"auth_method\": \"radius\"}\nenable = True\nlogging = /path/to/st2auth.logging.conf\napi_url = https://myhost.example.com:9101\ndebug = False\n```\n\n### \u003ca name=\"token\"\u003e\u003c/a\u003e Auth Method: Token\n\nToken is an auth method where you can authenticate using a Vault Token (built-in).\nFor more information on the Token auth method, see the\n[Vault Token documentation](https://www.vaultproject.io/docs/auth/token.html).\n\nTo utilize this method with StackStorm we will utilize the `username` and `password`\nparameters passed into the `st2auth` service and map them to the following \nparameters for this  auth method:\n\n| st2auth param | Token param |\n|---------------|-------------|\n| username      | \u003cunused\u003e  |\n| password      | token       |\n\nHere's an example of authenticating, using this auth method, with a `curl` command:\n\n``` shell\ncurl -k -X POST -u unused:\u003ctoken\u003e https://stackstorm.domain.tld/auth/v1/tokens\n```\n\nHere's an example of authenticating, using this auth method, with the `st2 login` command:\n\n``` shell\n$ st2 login unused\nPassword: \u003ctoken\u003e\n```\n\nThe configuration for this auth method will look like the following:\n\n```\n[auth]\nmode = standalone\nbackend = vault\nbackend_kwargs = {\"vault_url\": \"https://vault.domain.tld:8200\", \"auth_method\": \"token\"}\nenable = True\nlogging = /path/to/st2auth.logging.conf\napi_url = https://myhost.example.com:9101\ndebug = False\n```\n\n### \u003ca name=\"userpass\"\u003e\u003c/a\u003e Auth Method: Userpass\n\nUserpass is an auth method where you can authenticate using a Vault uername\nand password.\nFor more information on the Userpass auth method, see the\n[Vault Userpass documentation](https://www.vaultproject.io/docs/auth/userpass.html).\n\nTo utilize this method with StackStorm we will utilize the `username` and `password`\nparameters passed into the `st2auth` service and map them to the following \nparameters for this  auth method:\n\n| st2auth param | Userpass param |\n|---------------|----------------|\n| username      | username       |\n| password      | password       |\n\nHere's an example of authenticating, using this auth method, with a `curl` command:\n\n``` shell\ncurl -k -X POST -u \u003cusername\u003e:\u003cpassword\u003e https://stackstorm.domain.tld/auth/v1/token\n```\n\nHere's an example of authenticating, using this auth method, with the `st2 login` command:\n\n``` shell\n$ st2 login \u003cusername\u003e\nPassword: \u003cpassword\u003e\n```\n\nThe configuration for this auth method will look like the following:\n\n```\n[auth]\nmode = standalone\nbackend = vault\nbackend_kwargs = {\"vault_url\": \"https://vault.domain.tld:8200\", \"auth_method\": \"userpass\"}\nenable = True\nlogging = /path/to/st2auth.logging.conf\napi_url = https://myhost.example.com:9101\ndebug = False\n```\n\n\n### Development\n\nTo easily startup a Vault server simply run:\n\n``` shell\nvagrant up\n```\n\nThis boots up a Docker container running Vault.\n\nYou can run commands within this container like so:\n\n``` shell\nvagrant docker-exec -- vault status\n```\n\nIf you, for some reason, need to enter the container simply run:\n\n``` shell\nvagrant docker-exec -it -- /bin/sh\n```\n\nTo stop the container:\n\n``` shell\nvagrant destroy\n```\n\n#### Development - Unit tests\n\nUnit tests do not require the Vault container, instead the API is mocked out.\nTo execute the unit tests we'll setup a virtualenv, install tox, then run tox.\n\n``` shell\nvirtualenv virtualenv\nsource ./virtualenv/bin/activate\npip install tox\ntox -e py27,py36\n```\n\nYou can also run the linting tests, after the virtualenv is activated:\n\n``` shell\ntox -e lint\n```\n\nOr, you can run them both together:\n\n``` shell\ntox -e py27,py36,lint\n```\n\n#### Development - Integration tests\n\nOur integration tests rely on an instance of Vault running in a Docker container\nthat is started and managed by Vagrant. To execute these tests you will need\nthe following installed:\n\n* Docker - install instructions [here](https://docs.docker.com/install/)\n* Vagrant - install instructions [here](https://www.vagrantup.com/docs/installation/)\n\nOnce these dependencies have been installed we will tell Vagrant to start up\nour Vault container, and then execute our integration tests using tox (our\nvirtualenv must be activated like above):\n\n```shell\n# start docker container with Vagrant\nvagrant up\n\n# setup virtualenv+tox\nvirtualenv virtualenv\nsource ./virtualenv/bin/activate\npip install tox\n\n# run tests\ntox -e integration\n\n# stop docker container\nvagrant destroy\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstackstorm%2Fst2-auth-backend-vault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstackstorm%2Fst2-auth-backend-vault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstackstorm%2Fst2-auth-backend-vault/lists"}