Skip to content
This repository has been archived by the owner on Nov 14, 2022. It is now read-only.
/ vault-tokens Public archive

Generates Vault tokens for a User based off their AD groups

3 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

uswitch/vault-tokens

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
vendor
vendor
 
 
.drone.yml
.drone.yml
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
Gopkg.lock
Gopkg.lock
 
 
Gopkg.toml
Gopkg.toml
 
 
README.md
README.md
 
 
main.go
main.go
 
 
main_test.go
main_test.go
 
 
test.csv
test.csv
 
 

Repository files navigation

Vault-tokens

Vault-tokens requests a token from vault on your behalf using a user's forwarded groups to determine the policy applied to the token.

Environment Variables

  • VAULT_SERVER Vault server address
  • VAULT_TOKEN Token for the server to interact with Vault
  • VAULT_CAPATH Path to the vault server CA
  • CONFIG_PATH Path to csv config file with allowed groups
  • REDIRECT If set to true will redirect responses to http://localhost:63974/authed

Config File

You can optionally use a config file with a comma separated list of the groups you want to allow. e.g:

super-users,read-only,analysts

Headers

The application expects to receive a header X-FORWARDED-GROUPS in the format GroupA|GroupB|GroupC as well as a header for user name X-FORWARDED-USER.

Redirecting to localhost

By default the token will be just included in the response but if you want to instead redirect the reponse to localhost (e.g for use in a cli tool) you can see REDIRECT to true and it will redirect the reponse to http://localhost:63974/authed.

About

Generates Vault tokens for a User based off their AD groups

Resources

Readme
Activity
Custom properties

Stars

3 stars

Watchers

14 watching

Forks

4 forks
Report repository

Releases

2 tags

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages