You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is super helpful, thank you for publishing it.
I do have two small requests. For some context, I'm using this with a small on-prem Concourse to authenticate to a GitHub Enterprise instance to pull code. Concourse officially only supports kv v1 for Vault, but with a little bit of fiddling it will talk to any secrets engine with some caveats:
For retrieving credentials, it will only use GET. This plugin does not support GET for retrieving tokens.
If credential caching is enabled, it will respect Vault lease durations if returned. If credential caching is NOT enabled, it will pull new credentials from vault every time they are used. This plugin does not return leases and so credential caching does not work properly even if the first one is hacked around (i.e. at the nginx level).
I wrote a small app that proxies requests from Concourse to this plugin to solve both of those issues, but if would be nice if they were supported directly.
I am not very familiar with Go (or Vault for that matter) so I would not be able to contribute these changes any time soon.
The text was updated successfully, but these errors were encountered:
Hi @kberzinch thanks for your interest. I did a bit of housecleaning on this project today and have hopefully catered for both of your requests in v1.0.0. Please give it a whirl if you're still using the plugin.
This is super helpful, thank you for publishing it.
I do have two small requests. For some context, I'm using this with a small on-prem Concourse to authenticate to a GitHub Enterprise instance to pull code. Concourse officially only supports
kv
v1 for Vault, but with a little bit of fiddling it will talk to any secrets engine with some caveats:For retrieving credentials, it will only use
GET
. This plugin does not supportGET
for retrieving tokens.If credential caching is enabled, it will respect Vault lease durations if returned. If credential caching is NOT enabled, it will pull new credentials from vault every time they are used. This plugin does not return leases and so credential caching does not work properly even if the first one is hacked around (i.e. at the nginx level).
I wrote a small app that proxies requests from Concourse to this plugin to solve both of those issues, but if would be nice if they were supported directly.
I am not very familiar with Go (or Vault for that matter) so I would not be able to contribute these changes any time soon.
The text was updated successfully, but these errors were encountered: