https://github.com/brightspace/vault-ec2auth

A simple agent to authenticate an AWS EC2 instance against Hashicorp Vault

# Vault-EC2Auth

This agent is intended to make EC2 authentication against Vault as simple as possible. Launch the agent in the
background, and any time you need to access Vault your token is available at `~/.vault-token`, the default location
where the `vault` CLI looks for its access token.

## Quick start

Options for getting started:

* [Download the latest release](../../releases).
* Clone the repo: `git clone https://github.com/Brightspace/vault-ec2auth.git`.

Typical usage:

* Run once and exit: `vault-ec2auth -role my_role`
* Run as agent: `vault-ec2auth -agent -role my_role`

## How it works

Upon launch, the agent will immediately attempt to connect to Vault at `https://vault.service.consul:8200` to retrieve
a token for the requested role.

The token is written to `~/.vault-token` and the nonce to `~/.vault-nonce`.

If running in agent mode, it will then block for half of the lease duration before attempting to reauthenticate with Vault
using the nonce value stored in `~/.vault-nonce`.
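
The token and nonce handling described above, as an added example that is not the project's own code: it parses a constructed login response, writes both files owner-only, and returns the half-lease wait. It assumes the login response carries `auth.client_token`, `auth.lease_duration` and the nonce under `auth.metadata.nonce`; `writeSecret` and `persistLogin` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"time"
)

// writeSecret atomically replaces path with an owner-only file.
func writeSecret(path, value string) error {
	tmp, err := os.CreateTemp(filepath.Dir(path), ".tmp-*") // CreateTemp uses mode 0600
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // harmless once the rename has succeeded
	_, werr := tmp.WriteString(value)
	if cerr := tmp.Close(); werr != nil || cerr != nil {
		return fmt.Errorf("write %s: %v, close: %v", path, werr, cerr)
	}
	return os.Rename(tmp.Name(), path)
}

// persistLogin stores the token and nonce in dir and returns the half-lease wait.
func persistLogin(body []byte, dir string) (time.Duration, error) {
	var r struct { // assumed response layout, not taken from the project
		Auth struct {
			ClientToken   string            `json:"client_token"`
			LeaseDuration int               `json:"lease_duration"` // seconds
			Metadata      map[string]string `json:"metadata"`       // assumed to carry "nonce"
		} `json:"auth"`
	}
	if err := json.Unmarshal(body, &r); err != nil || r.Auth.ClientToken == "" || r.Auth.LeaseDuration <= 0 {
		return 0, fmt.Errorf("unusable login response (parse error: %v)", err)
	}
	if err := writeSecret(filepath.Join(dir, ".vault-token"), r.Auth.ClientToken); err != nil {
		return 0, err
	}
	if err := writeSecret(filepath.Join(dir, ".vault-nonce"), r.Auth.Metadata["nonce"]); err != nil {
		return 0, err
	}
	return time.Duration(r.Auth.LeaseDuration) * time.Second / 2, nil
}

func main() {
	sample := []byte(`{"auth":{"client_token":"s.CONSTRUCTED","lease_duration":3600,"metadata":{"nonce":"n-CONSTRUCTED"}}}`) // constructed sample
	fmt.Println(persistLogin(sample, os.TempDir()))
}
```

Writing through a temporary file and renaming means a reader of `~/.vault-token` never sees a half-written token, and the file is never briefly group- or world-readable.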

## Documentation

* Additional options can be seen by running the tool with no parameters.

### Running as an agent

When the `-agent` argument is provided, the agent blocks until cancelled with `Ctrl+C`. In this mode, leases are automatically
renewed at the half-life of the lease.

## Versioning

Vault EC2Auth Agent releases are maintained under [the Semantic Versioning guidelines](http://semver.org/).

## Contributing

Please read through our [contributing guidelines](CONTRIBUTING.md). Included are directions for opening issues, coding standards, and notes on development.