In some use cases it might be very convenient to authenticate towards Vault via a Kubernetes namespace.
Any Kubernetes Pod has access to an account JSON Web Token (JWT). The token is issued for a service account; if no service account is given, a default account will be created. Anyhow, the token can be found at a specific mount point: /var/run/secrets/kubernetes.io/serviceaccount/token
The Vault Kubernetes Auth plugin allows configuring access for specific accounts and namespaces. We can leverage this to exchange the Service Account JWT for a Vault Access Token. See: https://www.vaultproject.io/docs/auth/kubernetes
I guess this is obviously a great addition for the aws-signing-proxy Docker image but it might also be useful for the vault-env-cred-provider.
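The exchange described above, sketched in Go as an added example (not part of the original issue and not code from aws-signing-proxy or vault-env-cred-provider). It assumes the Kubernetes auth method is mounted at Vault's default path `kubernetes`; the `VAULT_ROLE` variable name is hypothetical.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"os"
	"strings"
	"time"
)

const saTokenPath = "/var/run/secrets/kubernetes.io/serviceaccount/token" // path from the issue text

// loginResponse holds the fields of Vault's login reply that the caller needs.
type loginResponse struct {
	Auth struct {
		ClientToken   string `json:"client_token"`
		LeaseDuration int    `json:"lease_duration"`
	} `json:"auth"`
}

// KubernetesLogin reads the service account JWT from tokenPath and exchanges it
// at /v1/auth/kubernetes/login for a Vault token bound to the given role.
func KubernetesLogin(c *http.Client, vaultAddr, role, tokenPath string) (string, time.Duration, error) {
	jwt, err := os.ReadFile(tokenPath)
	if err != nil {
		return "", 0, fmt.Errorf("read service account token: %w", err)
	}
	body, _ := json.Marshal(map[string]string{"role": role, "jwt": strings.TrimSpace(string(jwt))})
	url := strings.TrimRight(vaultAddr, "/") + "/v1/auth/kubernetes/login"
	resp, err := c.Post(url, "application/json", bytes.NewReader(body))
	if err != nil {
		return "", 0, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		// Report only the status: the JWT and the response body are credentials.
		return "", 0, fmt.Errorf("vault login rejected: %s", resp.Status)
	}
	var lr loginResponse
	if err := json.NewDecoder(resp.Body).Decode(&lr); err != nil || lr.Auth.ClientToken == "" {
		return "", 0, fmt.Errorf("vault login: no usable client token (decode error: %v)", err)
	}
	return lr.Auth.ClientToken, time.Duration(lr.Auth.LeaseDuration) * time.Second, nil
}

func main() {
	c := &http.Client{Timeout: 10 * time.Second}
	// VAULT_ROLE is a hypothetical variable name used only in this example.
	_, ttl, err := KubernetesLogin(c, os.Getenv("VAULT_ADDR"), os.Getenv("VAULT_ROLE"), saTokenPath)
	fmt.Println("token ttl:", ttl, "error:", err)
}
```

The returned lease duration tells the caller when to log in again; the service account token file should be re-read on each login because Kubernetes rotates projected tokens.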