gered/vault-sidekick
Archived
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge pull request #25 from roboll/env-vars

Browse source 
enable env vars for auth settings
This commit is contained in:
Rohith 2016-10-01 23:22:40 +01:00 committed by GitHub
parent 25e5549fa9 6bedc031cd
commit 0948037b6a
2 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -66,6 +66,9 @@ The above say's
A authentication file can be specified in either yaml of json format which contains a method field, indicating one of the authentication A authentication file can be specified in either yaml of json format which contains a method field, indicating one of the authentication
methods provided by vault i.e. userpass, token, github etc and then followed by the required arguments for that plugin. methods provided by vault i.e. userpass, token, github etc and then followed by the required arguments for that plugin.
If the required arguments for that plugin are not contained in the authentication file, fallbacks from environment variables are used.
Environment variables are prefixed with `VAULT_SIDEKICK`, i.e. `VAULT_SIDEKICK_USERNAME`, `VAULT_SIDEKICK_PASSWORD`.
**Secret Renewals** **Secret Renewals**
The default behaviour of vault-sidekick is **not** to renew a lease, but to retrieve a new secret and allow the previous to The default behaviour of vault-sidekick is **not** to renew a lease, but to retrieve a new secret and allow the previous to

8
auth_userpass.go
View file

@ -18,6 +18,7 @@ package main
import ( import (
"fmt" "fmt"
"os"
"github.com/hashicorp/vault/api" "github.com/hashicorp/vault/api"
) )
@ -45,6 +46,13 @@ func (r authUserPassPlugin) Create(cfg map[string]string) (string, error) {
username, _ := cfg["username"] username, _ := cfg["username"]
password, _ := cfg["password"] password, _ := cfg["password"]
if username == "" {
username = os.Getenv("VAULT_SIDEKICK_USERNAME")
}
if password == "" {
password = os.Getenv("VAULT_SIDEKICK_PASSWORD")
}
// step: create the token request // step: create the token request
request := r.client.NewRequest("POST", fmt.Sprintf("/v1/auth/userpass/login/%s", username)) request := r.client.NewRequest("POST", fmt.Sprintf("/v1/auth/userpass/login/%s", username))
if err := request.SetJSONBody(userPassLogin{Password: password}); err != nil { if err := request.SetJSONBody(userPassLogin{Password: password}); err != nil {