Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/statcan/vault-plugin-secrets-minio

Vault plugin which will provision multi-user keys for Minio
https://github.com/statcan/vault-plugin-secrets-minio

aaw daaas kubernetes minio vault vault-plugin

Last synced: 24 days ago
JSON representation

Vault plugin which will provision multi-user keys for Minio

Host: GitHub
URL: https://github.com/statcan/vault-plugin-secrets-minio
Owner: StatCan
License: bsd-3-clause
Created: 2020-04-28T21:53:08.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2021-02-18T16:41:00.000Z (almost 4 years ago)
Last Synced: 2024-12-03T17:06:57.221Z (26 days ago)
Topics: aaw, daaas, kubernetes, minio, vault, vault-plugin
Language: Go
Homepage:
Size: 33.2 KB
Stars: 11
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md

Awesome Lists containing this project

README

# vault-plugin-secrets-minio

This is a plugin for [HashiCorp Vault][vault] which will provision multi-user keys for the [Minio object storage][minio] server.

## Usage

Once the plugin is registered with your vault instance, you can enable it on a particular path:

```sh
vault secrets enable \
-path=minio \
-plugin-name=vault-plugin-secrets-minio \
-description="Instance of the Minio plugin" \
plugin
```

### Configuration

In order to configure the plugin instance, you must supply it with your Minio endpoint, the access key ID, and the secret access key for the Minio initial user.

```sh
vault write minio/config \
endpoint=: \
accessKeyId= \
secretAccessKey= \
useSSL=
```

You can read the current configuration:

```sh
vault read minio/config
```

### Roles

Before you can issue keys, you must define a role. A role defines the policy which will be applied to the newly created user, and a name prefix for the key.

```sh
vault write minio/roles/example-role \
policy=
user_name_prefix=
```

The `` is prefixed to the Vault request id for a key request, and defaults to an empty string. Having the Vault request id as the latter part of the name allows you to trace the key issuer via the Vault audit log. You may also optionally supply a `default_ttl` and `max_ttl` which will apply to the lease created by this role.

```sh
vault read minio/roles/example-role
```

Returns the configuration for a particular role.

```sh
vault list minio/roles
```

Lists all configured roles.

### Provisioning keys

```sh
vault read minio/keys/example-role
```

Returns the accessKeyId, secretAccessKey, policy and account status for the newly generated key.

## Acknowledgements

Leverages and builds upon the amazing work done by [Kula][kula]

[kula]: https://github.com/kula/vault-plugin-secrets-minio
[vault]: https://vaultproject.io
[minio]: https://minio.io