GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → hashicorp → Vault Auth Plugin Example

hashicorp / Vault Auth Plugin Example

Licence: mpl-2.0
An example @HashiCorp Vault auth plugin

Labels

makefile

Projects that are alternatives of or similar to Vault Auth Plugin Example

Electron Flatpak Base App
Flatpak runtime for electron apps based on the freedesktop runtime.
Stars: ✭ 13 (-51.85%)
Mutual labels:  makefile
Fdgw2
Build minimal NetBSD bootable disk image
Stars: ✭ 14 (-48.15%)
Mutual labels:  makefile
Openpht
OpenPHT for AML
Stars: ✭ 20 (-25.93%)
Mutual labels:  makefile
Elixir.mk
A (very) experimental plugins for erlang.mk to use Elixir modules in Erlang
Stars: ✭ 13 (-51.85%)
Mutual labels:  makefile
Cocos2d Lua Sproto
cocos2d-lua集成sproto协议
Stars: ✭ 14 (-48.15%)
Mutual labels:  makefile
Android device huawei next
LineageOS device tree for the Huawei Mate 8 - [Unmaintained]
Stars: ✭ 15 (-44.44%)
Mutual labels:  makefile
Tornado Doc Chinese
Tornado 中文文档翻译.
Stars: ✭ 12 (-55.56%)
Mutual labels:  makefile
Node Tab
Unix-style tables for command-line utilities
Stars: ✭ 21 (-22.22%)
Mutual labels:  makefile
Slugrunner
Buildpack application runner for Deis Workflow.
Stars: ✭ 14 (-48.15%)
Mutual labels:  makefile
Android device samsung toroplus
Stars: ✭ 15 (-44.44%)
Mutual labels:  makefile
Ferret
Ferret is a free software lisp implementation for real time embedded control systems.
Stars: ✭ 878 (+3151.85%)
Mutual labels:  makefile
Stanford Drupal Profile
A dev / test-only version of the Drupal Hosting Service Configuration
Stars: ✭ 13 (-51.85%)
Mutual labels:  makefile
Codk A
Stars: ✭ 15 (-44.44%)
Mutual labels:  makefile
Robopsychology
How to become a robopsychologist
Stars: ✭ 13 (-51.85%)
Mutual labels:  makefile
Android Audioplayer
An AudioPlayer For Android Platform
Stars: ✭ 16 (-40.74%)
Mutual labels:  makefile
3d Semantic Segmentation For Scene Parsing
A new approach for the real time 3D semantic segmentation based on feature abstract and deep learning method
Stars: ✭ 13 (-51.85%)
Mutual labels:  makefile
Mlgo
Machine Learning with Go Session Material for Golab 2018
Stars: ✭ 15 (-44.44%)
Mutual labels:  makefile
Bashmultitool
A library for bash shell program containing useful functions. Can be imported into scripts to create colourful and functional scripts and TUIs.
Stars: ✭ 27 (+0%)
Mutual labels:  makefile
Hubot Slack Docker
Docker container running Github Hubot.
Stars: ✭ 21 (-22.22%)
Mutual labels:  makefile
Ris
a simple cross-platform resource compiler for c++ projects
Stars: ✭ 15 (-44.44%)
Mutual labels:  makefile
View All Similar Projects ➔

Sample Auth Method Plugin for HashiCorp Vault

This repository contains sample code for a HashiCorp Vault Auth Plugin. It is both a real custom Vault auth method, and an example of how to build, install, and maintain your own Vault auth plugin.

This code is for educational purposes only. It demonstrates a basic Vault Auth Plugin. It is not secure. Do not use it in production.

For more information, see the accompanying blog post.

Setup

The setup guide assumes some familiarity with Vault and Vault's plugin ecosystem. You must have a Vault server already running, unsealed, and authenticated.

  1. Download and decompress the latest plugin binary from the Releases tab on GitHub. Alternatively you can compile the plugin from source.

  2. Move the compiled plugin into Vault's configured plugin_directory:

$ mv vault-auth-plugin-example /etc/vault/plugins/vault-auth-plugin-example
  1. Calculate the SHA256 of the plugin and register it in Vault's plugin catalog. If you are downloading the pre-compiled binary, it is highly recommended that you use the published checksums to verify integrity.
$ export SHA256=$(shasum -a 256 "/etc/vault/plugins/vault-auth-plugin-example" | cut -d' ' -f1)

$ vault write sys/plugins/catalog/example-auth-plugin \
    sha_256="${SHA256}" \
    command="vault-auth-plugin-example"
  1. Mount the auth method:
$ vault auth enable \
    -path="example" \
    -plugin-name="example-auth-plugin" plugin

Authenticating with the Shared Secret

To authenticate, the user supplies the shared secret:

$ vault write auth/example/login password="super-secret-password"

The response will be a standard auth response with some token metadata:

Key             	Value
---             	-----
token           	b62420a6-ee83-22a4-7a15-a908af658c9f
token_accessor  	9eff2c4e-e321-3903-413e-a5084abb631e
token_duration  	30s
token_renewable 	true
token_policies  	[default my-policy other-policy]
token_meta_fruit	"banana"

Should I Use This?

No, please do not. This is an example Vault Plugin that should be use for learning purposes. Having a shared phrase that gives anyone access to Vault is highly discouraged and a security anti-pattern. This code should be used for educational purposes only.

License

This code is licensed under the MPLv2 license.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].