[Feature] Github token authentication #34
Description
Is your feature request related to a problem? Please describe.
Hi. We're using github tokens to authenticate with vault. I have an old power-shell script that does the following:
function Get-VaultToken {
[CmdletBinding()]
Param (
[Parameter(Mandatory = $true)]
[string]
$Address,
[Parameter(Mandatory = $true)]
[string]
$GithubToken
)
$Uri = "${Address}v1/auth/github/login"
$Body = @{
token = $GithubToken
} | ConvertTo-Json
$Headers = @{
"Content-type" = "application/json"
}
$Response = Invoke-RestMethod -Method Post -Uri $Uri -Body $Body -Headers $Headers
$Token = $Response.auth.client_token
If (!$Token) {
Throw "Failed to get token from Vault"
}
return $Token
}but I would like to switch to using the secret-management module if possible. I've thought about just using the current Get-VaultToken to get the token and then register with the vault provider, but I'm unsure how long the vault token lives for, so I'm guessing it wouldn't be a particularly good solution.
Describe the solution you'd like
Support github as an authentication method, which uses a provided github token to exchange for a vault token.
Describe alternatives you've considered
Create a cmd-let that does the Get-VaultToken above, and adds/updates the secret-management vault with the new token.
Additional context