Documentation updates for use with a private CA #774

Merged
merged 1 commit into from
Jan 29, 2023


jackcasey-visier
Contributor

Hello!

Summary

I'm hoping to add a bit of documentation around using the verify parameter when initializing a client.

The use case I'm working with is that we are only using a private CA to provide trust. The actual authentication is done through another channel (AWS IAM).

My understanding of the cert parameter is that it is to address the former, where the client provides its own certificate to authenticate with Vault.

Validation

To validate this works as expected, here's a snippet of code in use with our system:

self.client = hvac.Client(url=self.vault_address, verify=os.environ.get('CA_BUNDLE'))
self.client.auth.aws.iam_login(credentials.access_key, credentials.secret_key, credentials.token)

Using this code, the connection to Vault is only trusted if signed by our internal CA root certificate. The code snippet added in the documentation is the same flow, simply more generic.
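
One failure mode of the snippet above, shown as an added example (not code from this pull request or from hvac): `os.environ.get('CA_BUNDLE')` returns `None` when the variable is unset, and `None` is not a bundle path. The hypothetical helpers `resolve_ca_bundle` and `build_client` fail closed instead; they assume `CA_BUNDLE` names a single PEM file.

```python
import os
import ssl

ENV_VAR = "CA_BUNDLE"  # same variable name as the snippet in the post


def resolve_ca_bundle(environ=os.environ):
    """Return the CA bundle path, or raise ValueError instead of returning None."""
    path = environ.get(ENV_VAR)
    if not path:
        raise ValueError(f"{ENV_VAR} is unset or empty; refusing to build a client")
    if not os.path.isfile(path):
        raise ValueError(f"{ENV_VAR}={path!r} is not a readable file")
    # Load the bundle into a throwaway context: this fails when the file
    # contains no parseable PEM certificate.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        raise ValueError(f"{ENV_VAR}={path!r} holds no usable certificate") from exc
    return path


def build_client(vault_address, environ=os.environ):
    """Create an hvac client with verify= set to the validated bundle path."""
    import hvac  # imported here so the resolver works without hvac installed

    # verify=<path> is the usage shown in the post; authentication (for
    # example AWS IAM) is a separate step performed on the returned client.
    return hvac.Client(url=vault_address, verify=resolve_ca_bundle(environ))
```

Calling `build_client` at start-up turns a missing or malformed bundle into an immediate configuration error rather than a client built without the intended `verify` value.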

@jackcasey-visier jackcasey-visier requested a review from a team as a code owner October 14, 2021 17:19
@briantist briantist self-assigned this Jan 28, 2023
@briantist briantist added the documentation documentation updates and/or requests for expanded documentation label Jan 28, 2023
@briantist briantist force-pushed the private-ca-docs-update branch from 21d1492 to ca4bd3a Compare January 28, 2023 01:23
@briantist briantist added this to the 1.1.0 milestone Jan 28, 2023
@briantist briantist merged commit a98cbf8 into hvac:develop Jan 29, 2023
briantist pushed a commit that referenced this pull request Mar 6, 2023
briantist pushed a commit to briantist/hvac that referenced this pull request May 10, 2023