feat(vault-jwt): Add Vault JWT/OIDC module #297
- Correct the variable name in `main.tf` and `run.sh` to ensure they are consistent and match expected inputs for Vault CLI interactions.
I looked through the files, and I think they look good. The only thing I'm not sure about is the run.sh file, because I'm definitely not a Bash expert.
I don't feel comfortable approving yet, since the Bash script seems to be where the most logic lives. Could we tag in someone like @mafredri to look things over?
vault-jwt/README.md (Outdated)

```sh
curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/secrets/data/coder"
```
Was this supposed to be an image URL?
Yes. I will take care of this.
This, and our scripts in general, could use a bit of an overhaul to be consistent with bash and non-bash features, but other than that, LGTM.
Co-authored-by: Mathias Fredriksson <[email protected]>
- Simplified explanation of using OIDC access token.
- Made language around configuration more direct.
- Enhanced section titles for improved clarity.
This module makes use of the existing OIDC access token to authenticate with Vault. It requires setting up a Vault JWT/OIDC auth method with the same OIDC provider used with Coder.
This module should let users get non-interactive authentication with Vault.
I tested this with Okta.
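The login flow the PR description sketches, as an added example that is not the module's own `run.sh` or any code from the PR: exchange the OIDC access token Coder already holds for a Vault token through the JWT auth method's HTTP API, then read a KV secret with it, mirroring the README's `curl`. The mount path `auth/jwt`, the role name `coder`, and the environment variable `CODER_OIDC_ACCESS_TOKEN` are assumptions made for the example. It is POSIX sh, in line with the review comment about keeping the scripts consistent between bash and non-bash shells.

```shell
#!/bin/sh
# Added example, not the vault-jwt module's run.sh. Assumed (hypothetical) names:
# JWT auth mounted at auth/jwt, a Vault role "coder", and the OIDC access token
# exposed to the workspace as CODER_OIDC_ACCESS_TOKEN.
set -eu

# Build the JSON body for POST /v1/auth/jwt/login. A JWT is base64url segments
# joined by dots, so no JSON escaping is needed. The token goes in the request
# body, never in the URL, so it does not end up in proxy or access logs.
build_login_payload() {
  role="$1"
  jwt="$2"
  printf '{"role":"%s","jwt":"%s"}' "$role" "$jwt"
}

# Pull auth.client_token out of a login response on stdin without needing jq.
# Prints nothing when the field is absent (e.g. an {"errors":[...]} response).
extract_client_token() {
  sed -n 's/.*"client_token": *"\([^"]*\)".*/\1/p'
}

# Non-interactive login. CLI equivalent:
#   vault write -field=token auth/jwt/login role=coder jwt="$CODER_OIDC_ACCESS_TOKEN"
# The explicit empty-token check matters: in a pipeline the exit status is sed's,
# not curl's, so a failed HTTP call would otherwise go unnoticed under set -e.
vault_jwt_login() {
  addr="${VAULT_ADDR:?VAULT_ADDR is not set}"
  role="${1:-coder}"
  jwt="${CODER_OIDC_ACCESS_TOKEN:?no OIDC access token in the environment}"
  token=$(curl -fsS -X POST "${addr}/v1/auth/jwt/login" \
            -H 'Content-Type: application/json' \
            --data "$(build_login_payload "$role" "$jwt")" | extract_client_token)
  if [ -z "$token" ]; then
    echo "vault login returned no client_token" >&2
    return 1
  fi
  printf '%s' "$token"
}

# Read a KV v2 secret with the resulting token (same call as the README's curl).
read_kv_secret() {
  token="$1"
  path="${2:-coder/secrets/data/coder}"
  curl -fsS -H "X-Vault-Token: ${token}" "${VAULT_ADDR:?}/v1/${path}"
}

# Only talk to Vault when the environment is actually set up; the helper
# functions above can be sourced and exercised without a server.
if [ -n "${VAULT_ADDR:-}" ] && [ -n "${CODER_OIDC_ACCESS_TOKEN:-}" ]; then
  VAULT_TOKEN=$(vault_jwt_login coder)
  export VAULT_TOKEN
  read_kv_secret "$VAULT_TOKEN"
fi
```

The part that makes this safe is on the Vault side rather than in the script: the JWT role must pin `bound_audiences` (and, via the auth method config, the issuer) to the client ID Coder uses with the provider, and set `user_claim` to a stable claim such as `sub`. Without that binding, any token minted by the same OIDC provider for a different application would satisfy the login.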