README
¶
Vault-EC2Auth
This agent is intended to make EC2 authentication against Vault as simple as possible. Simply launch the agent in the
background and anytime you need to access vault, your token is available at ~/.vault-token which is the default location
that the vault CLI looks for its access token.
Quick start
Options for getting started:
- Download the latest release.
- Clone the repo:
git clone https://github.com/Brightspace/vault-ec2auth.git.
Typical usage:
- Run once and exit:
vault-ec2auth -role my_role - Run as agent:
vault-ec2auth -agent -role my_role
How it works
Upon launch, the agent will immediately attempt to connect to Vault at https://vault.service.consul:8200 to retrieve
a token for the requested role.
The token is written to ~/.vault-token and the nonce to ~/.vault-nonce.
If running in agent mode, it will then block for half of the lease duration before attempting to reauthenticate with Vault
using the nonce value stored in ~/.vault-nonce.
Documentation
- Additional options can be seen by running the tool with no parameters.
Running as an agent
By providing the -agent argument the agent will block until cancelled with ctrl+c. In this mode leases will be automatically
renewed at the half-life of the lease.
Versioning
Vault EC2Auth Agent releases are maintained under the Semantic Versioning guidelines.
Contributing
Please read through our contributing guidelines. Included are directions for opening issues, coding standards, and notes on development.
Documentation
¶
There is no documentation for this package.
Source Files