RFE: please add auth method for approle #22
Comments
|
Hi Andrei The project is intended to sync Kubernetes secrets with Vault. So you have a running Kubernetes cluster otherwise you wouldn't use this project. The auth method With Kubernetes, we can use the token of a Kubernetes Service Account which authenticity can be approved with the Kubernetes API server. With HashiCorp added the Kubernetes auth to their Go API for Vault: github.com/hashicorp/vault/api/auth/kubernetes There is a new version of our Maybe I missed a point, so please let me know. Regards, |
Hello @marcsauter . Let me try to explain.
What we need: auth to vault with auth method : How do we sync secrets from Vault that doesn't have auth method Thank you. |
|
Hi Andrei I will check how to support other authentications than Again, our Vault is also running outside of Kubernetes, the only thing necessary is a connection from Vault to the Kubernetes API server and the configuration: https://www.vaultproject.io/docs/auth/kubernetes#configuration I'll keep you informed. Regards, |
|
Hello @Andrei-Stepanov Please try v0.2.6 Best regards |
Hello,
At this moment vault-kubernetes synchronization works only with a vault-deployment that supports auth method
kuberneteshttps://www.vaultproject.io/docs/auth/kubernetes
https://github.com/postfinance/vaultk8s/blob/master/k8s.go#L129
It is very common to have Vault running as a distinct service without support of auth method
kubernetes.The most popular way to auth to Vault instance is
approleauth method: https://www.vaultproject.io/docs/auth/approleAdding such authorization seems straightforward. 1 put with 2 params:
role_id&secret_id: https://www.vaultproject.io/docs/auth/approle#via-the-apiCould you please add this auth method? This would allow auth to Vault that is installed at different location.
Thank you.
The text was updated successfully, but these errors were encountered: