Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/scop/vault-token-helper-secret-tool

@HashiCorp Vault token helper using secret-tool / libsecret
https://github.com/scop/vault-token-helper-secret-tool

credentials-helper hashicorp-vault libsecret linux shell token-authentication vault-client

Last synced: 3 months ago
JSON representation

@HashiCorp Vault token helper using secret-tool / libsecret

Host: GitHub
URL: https://github.com/scop/vault-token-helper-secret-tool
Owner: scop
Created: 2020-05-08T14:01:34.000Z (over 4 years ago)
Default Branch: main
Last Pushed: 2024-04-15T20:37:05.000Z (9 months ago)
Last Synced: 2024-04-16T14:27:49.371Z (9 months ago)
Topics: credentials-helper, hashicorp-vault, libsecret, linux, shell, token-authentication, vault-client
Language: Shell
Homepage:
Size: 20.5 KB
Stars: 3
Watchers: 3
Forks: 2
Open Issues: 3
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# vault-token-helper-secret-tool [![CI status](https://github.com/scop/vault-token-helper-secret-tool/actions/workflows/check.yaml/badge.svg)](https://github.com/scop/vault-token-helper-secret-tool/actions/workflows/check.yaml)

A [HashiCorp Vault](https://www.vaultproject.io/) [token helper](https://www.vaultproject.io/docs/commands/token-helper) in a
few lines of POSIX shell code, using
[libsecret's](https://wiki.gnome.org/Projects/Libsecret)
`secret-tool`.

## Usage

Clone this repo or install the script somewhere some other way, run it
with the `enable` argument:

```shell
./vault-token-helper-secret-tool enable
```

### Advanced

Multiple different tokens can be used with this helper by installing
(e.g. by symlinking) it to another name; the part after
`vault-token-helper-secret-tool` in its basename will be used to
identify tokens managed by that helper in the secret store. The
default identifier for a suffixless script is `default`.

When changing between tokens, the helper name needs to be swapped in
Vault config accordingly though. Or alternatively, multiple config
files (with uniquely named helper in each of them) can be used too,
and the `VAULT_CONFIG_PATH` environment variable changed as needed to
choose between them.

## Alternatives, credits

Inspired by
[joemiller/vault-token-helper](https://github.com/joemiller/vault-token-helper),
but much smaller and simpler. For something more elaborate than this
one, as well as for support for other store backends besides what
libsecret works with, that'd be one alternative to look into.

## License

SPDX-License-Identifier: Apache-2.0