golang client api for getting token using approle auth method

1,461 views
Skip to first unread message

Siddhesh Divekar

unread,
Sep 20, 2019, 2:18:17 AM9/20/19
to Vault
Hi,

I am planning to use approle authentication & have created app-id & secret-id.
Does vault go client api has an api to get the token using both of them.

Since the path used to get the token for approle is "auth/approle/login",
I tried searching approle in vault/api directory but no luck.

Finally I wrote a wrapper around using golang http package & following curl api example.

 curl \
    --request POST \
    --data '{"role_id":"988a9df-...","secret_id":"37b74931..."}' \

If this is already supported in golang api client I would like to use that instead of my wrapper.

Thanks,
-Siddhesh

Michel Vocks

unread,
Sep 20, 2019, 5:26:34 AM9/20/19
to Vault
Hi there!

You can use the "Logical" interface to authenticate via the Vault Client API.

Cheers,
Michel

Siddhesh Divekar

unread,
Sep 20, 2019, 3:00:56 PM9/20/19
to vault...@googlegroups.com
Thanks Michael !
Was already playing around it and it worked !

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/46e1016c-a9f5-4bdc-8e1a-5741af8c5a14%40googlegroups.com.


--
-Siddhesh.

Siddhesh Divekar

unread,
Sep 20, 2019, 3:55:02 PM9/20/19
to vault...@googlegroups.com
Michel,

After getting the token using approle I set it in my client obj using Client.SetToken.
At this point of time if the token has refresh capabilities can I refresh the token ?

Do I need any additional token to refresh this token ?

client.SetToken(TokenReceivedFromAppRole)
t := TokenAuth{
c: client,
}
s=t.RenewSelf(100)
client.SetToken(s.AuthClientToken) &
then continue my operations.

Is there a better approach of renewing the token ?
--
-Siddhesh.

Nick Cabatoff

unread,
Sep 23, 2019, 9:03:38 AM9/23/19
to vault...@googlegroups.com
Hi Siddhesh,

You don't usually need an additional token to renew yourself.  You may wish to configure approle to create periodic tokens (example here) so that your app can continue renewing itself indefinitely.  

There's nothing wrong with doing it directly the way you showed (though the token won't change, so you don't need to call SetToken again with the result of the renew call), but an alternative you could consider is to use a Renewer: https://godoc.org/github.com/hashicorp/vault/api#Renewer

To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAMjfk%2BgSQngyBAs175UGQscXnv3_4QWfs5u19F8K%3DELgLqc2uQ%40mail.gmail.com.

Siddhesh Divekar

unread,
Sep 24, 2019, 12:38:10 PM9/24/19
to vault...@googlegroups.com
Thanks Nick.
I will take a look at Renewer & go over the example you sent.

To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/CAF%3DRO8LRzTZtHxSJBh_oYWzvWKksLkoGhuAj-Z7HQu_T99HtZA%40mail.gmail.com.


--
-Siddhesh.
Reply all
Reply to author
Forward
0 new messages