https://github.com/luzifer/vault-user-token
This project is intended to constantly renew a Vault token derived from a role id
https://github.com/luzifer/vault-user-token
security vault
Last synced: over 1 year ago
JSON representation
This project is intended to constantly renew a Vault token derived from a role id
- Host: GitHub
- URL: https://github.com/luzifer/vault-user-token
- Owner: Luzifer
- License: apache-2.0
- Created: 2017-04-23T17:46:17.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2024-12-12T10:58:06.000Z (over 1 year ago)
- Last Synced: 2025-02-10T15:39:57.638Z (over 1 year ago)
- Topics: security, vault
- Language: Go
- Homepage:
- Size: 733 KB
- Stars: 1
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: History.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
README
# Luzifer / vault-user-token
This project is intended to constantly renew a Vault token derived from a role id.
That way the machine only contains a temporary token expiring after a short while if the program is no longer running. So if a machine is lost (physically) the corresponding secret can be revoked and the machine will no longer be able to access the vault instance.
As secret multiple strings are possible:
- Full Hostname (`--full-hostname=true`)
- Short Hostname (`--full-hostname=false`)
- Secret from disk (`~/.config/vault-user-token.secret`, file must have `0o400` or `0o600` permission, content is stripped for whitespaces)