Token Auth Method terraform

Donislav Belev

Jul 27, 2018, 10:37:02 AM
to Vault
Hello Guys

I have configured vault policies with terraform like this


resource "vault_policy" "dev" {
 name = "dev"

 policy = <<EOT
path "secret/dev" {
  capabilities = ["create", "read", "update", "delete", "list"]
}
path "auth/token/create" {
 capabilities = ["update"]
}
EOT
}


Now I need to configure roles. With API this looks like that:

vault write /auth/token/roles/dev allowed_policies="dev" period="876h"


I am missing the resource name and syntax for doing this with terraform.


Regards

Carlos Vitor Barros

Jul 27, 2018, 12:19:26 PM
to vault...@googlegroups.com
Terraform Vault provider doesn't have support to configure the mappings for several auth methods.

You need to configure this via the CLI or API calls.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/310f98c4-6f86-4aad-ac81-727b526ece71%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Donislav Belev

Jul 31, 2018, 7:26:12 AM
to Vault
Thank you Carlos.
In that case, do you know any way I can issue a token with a validity and period a few years long?

Normally I would do 
vault token-create -role dev

and I would have role dev with policy dev and period defined as 87600h, for example.


May I issue such a token without using a role?

 

Carlos Vitor Barros

Aug 1, 2018, 1:53:21 PM
to vault...@googlegroups.com
Hi Donislav,

Using the CLI you can use:


This allows you to create a token that has the given policies attached.

Regards,


