Update README.md

pull/140/head
Muhammad Atif Ali 1 year ago committed by GitHub
parent 36b4983eb0
commit 74fdbf5fd0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -3,6 +3,7 @@ display_name: Hashicorp Vault Integration (Token)
description: Authenticates with Vault using Token description: Authenticates with Vault using Token
icon: ../.icons/vault.svg icon: ../.icons/vault.svg
maintainer_github: coder maintainer_github: coder
partner_github: hashicorp
verified: true verified: true
tags: [helper, integration, vault, token] tags: [helper, integration, vault, token]
--- ---
@ -12,11 +13,17 @@ tags: [helper, integration, vault, token]
This module lets you authenticate with [Hashicorp Vault](https://www.vaultproject.io/) in your Coder workspaces using a [Vault token](https://developer.hashicorp.com/vault/docs/auth/token). This module lets you authenticate with [Hashicorp Vault](https://www.vaultproject.io/) in your Coder workspaces using a [Vault token](https://developer.hashicorp.com/vault/docs/auth/token).
```tf ```tf
variable "vault_token" {
type = string
description = "The Vault token to use for authentication."
sensitive = true
}
module "vault" { module "vault" {
source = "registry.coder.com/modules/vault-token/coder" source = "registry.coder.com/modules/vault-token/coder"
version = "1.0.2" version = "1.0.3"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
vault_token = "s.1234567890" vault_token = var.token
vault_addr = "https://vault.example.com" vault_addr = "https://vault.example.com"
} }
``` ```
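Review bot: The new `vault_token = var.token` line in the module block refers to a variable that is not declared; the variable added a few lines above it is named `vault_token`, so Terraform rejects the example as written with an undeclared-variable error. Change the assignment to `vault_token = var.vault_token`, or rename the variable block to `token`, so the README snippet can be copied as is.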
@ -24,31 +31,54 @@ module "vault" {
Then you can use the Vault CLI in your workspaces to fetch secrets from Vault: Then you can use the Vault CLI in your workspaces to fetch secrets from Vault:
```shell ```shell
vault kv get -mount=secret my-secret vault kv get -mount=coder my-secret
``` ```
or using the Vault API: or using the Vault API:
```shell ```shell
curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/secret/data/my-secret" curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/data/my-secret"
``` ```
![Vault login](../.images/vault-login.png)
## Configuration ## Configuration
To configure the Vault module, you must create a Vault token with the the required permissions and configure the module with the token and Vault address. To configure the Vault module, you must create a Vault token with the the required permissions and configure the module with the token and Vault address.
1. Create a vault policy `read-coder-secrets.hcl` with read access to the secret mount you need your developers to access.
```hcl
path "coder/data/*" {
capabilities = ["read"]
}
path "coder/metadata/*" {
capabilities = ["read"]
}
```
```shell
vault policy write read-coder-secrets ead-coder-secrets.hcl
```
2. Create a token using this policy.
```shell
vault token create -policy="read-coder-secrets"
```
3. Copy the generated and use in your template.
## Examples ## Examples
### Configure Vault integration and install a specific version of the Vault CLI ### Configure Vault integration and install a specific version of the Vault CLI
```tf ```tf
variable "vault_token" {
type = string
description = "The Vault token to use for authentication."
sensitive = true
}
module "vault" { module "vault" {
source = "registry.coder.com/modules/vault-token/coder" source = "registry.coder.com/modules/vault-token/coder"
version = "1.0.2" version = "1.0.3"
agent_id = coder_agent.example.id agent_id = coder_agent.example.id
vault_addr = "https://vault.example.com" vault_addr = "https://vault.example.com"
vault_token = var.token
vault_cli_version = "1.15.0" vault_cli_version = "1.15.0"
} }
``` ```
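Review bot: In step 1 of the new Configuration list, the command `vault policy write read-coder-secrets ead-coder-secrets.hcl` names a file that does not match the `read-coder-secrets.hcl` created in the same step (the leading `r` is missing), so it fails when pasted; it should read `vault policy write read-coder-secrets read-coder-secrets.hcl`. Step 3 is missing its noun ("Copy the generated token and use it in your template"), and the Examples block repeats `vault_token = var.token` against a variable declared as `vault_token`. Step 2 passes only `-policy` to `vault token create`; since this token is handed to workspaces, it would help to state the intended lifetime, for example by showing an explicit `-ttl`.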
