Support Auth Method: Kubernetes #1

Closed
roechi opened this issue Feb 26, 2021 · 1 comment
Labels
enhancement New feature or request

Collaborator

roechi commented Feb 26, 2021

In some use cases it might be very convenient to authenticate towards Vault via a Kubernetes namespace.
Any Kubernetes Pod has access to an account JSON Web Token (JWT). The token is issued for a service account; if no service account is given, a default account will be created. Anyhow, the token can be found at a specific mount point:
/var/run/secrets/kubernetes.io/serviceaccount/token

The Vault Kubernetes Auth plugin allows configuring access for specific accounts and namespaces. We can leverage this to exchange the Service Account JWT for a Vault Access Token. See: https://www.vaultproject.io/docs/auth/kubernetes

I guess this is obviously a great addition for the aws-signing-proxy Docker image but it might also be useful for the vault-env-cred-provider.
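
The exchange described in the issue above, as an added Go example that is not part of the original issue or the project's own code: it reads the mounted service account JWT and posts it to the login endpoint of Vault's Kubernetes auth method. The mount name `kubernetes`, the `VAULT_K8S_ROLE` variable and the function name `kubernetesLogin` are assumptions of this example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"os"
	"strings"
	"time"
)

// Mount point named in the issue: the Pod's service account JWT.
const saTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token"

// kubernetesLogin (hypothetical helper) trades the JWT at tokenPath for a Vault token bound to role.
func kubernetesLogin(c *http.Client, vaultAddr, mount, role, tokenPath string) (string, error) {
	jwt, err := os.ReadFile(tokenPath)
	if err != nil {
		return "", fmt.Errorf("read service account token: %w", err)
	}
	// A map of strings always marshals, so the error is ignored here.
	body, _ := json.Marshal(map[string]string{"role": role, "jwt": strings.TrimSpace(string(jwt))})
	url := strings.TrimRight(vaultAddr, "/") + "/v1/auth/" + mount + "/login"
	resp, err := c.Post(url, "application/json", bytes.NewReader(body))
	if err != nil {
		return "", fmt.Errorf("vault login request: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("vault login rejected: HTTP %d", resp.StatusCode) // the JWT is never logged
	}
	var out struct{ Auth struct{ ClientToken string `json:"client_token"` } `json:"auth"` }
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil || out.Auth.ClientToken == "" {
		return "", fmt.Errorf("no client_token in vault login reply (decode error: %v)", err)
	}
	return out.Auth.ClientToken, nil
}

func main() {
	// VAULT_ADDR is Vault's usual variable; VAULT_K8S_ROLE is a name assumed for this example.
	c := &http.Client{Timeout: 10 * time.Second}
	tok, err := kubernetesLogin(c, os.Getenv("VAULT_ADDR"), "kubernetes", os.Getenv("VAULT_K8S_ROLE"), saTokenPath)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("received a Vault token of %d characters\n", len(tok))
}
```

The Vault role decides which service accounts and namespaces may log in, so a rejected login usually points at the role binding rather than at the client.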

@theurichde
Collaborator

fixed with #52
