publicWagsHome
/
modules
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
optionality
coder-monitoring
atif/multi-gateway
cj/github-inaction
atif/jetbrains-multi-ides
atif/support-kasm-images
atif/qol-improvments
module-glitch-repro
mes/rdp-glitch-repro
web-rdp-cloud-fixes
slackme/exitcode
v1.0.29-1
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.0
v1.0.1
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.14
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.19
v1.0.20
v1.0.21
v1.0.22
v1.0.23
v1.0.24
v1.0.25
v1.0.26
v1.0.27
v1.0.28
v1.0.29
v1.0.8
v1.0.9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '047ccd67ca'
${ noResults }
modules/vault-token
History
github-actions[bot] b90f6f9de8
chore: bump version to 1.0.7 in README.md files (#174) 
Co-authored-by: matifali <matifali@users.noreply.github.com>
 		2 years ago
..
README.md chore: bump version to 1.0.7 in README.md files (#174) 2 years ago
main.test.ts Update Hashicorp vault modules (#140) 2 years ago
main.tf Update Hashicorp vault modules (#140) 2 years ago
run.sh fix(vault): fix version fetching logic (#172) 2 years ago

README.md

display_name description icon maintainer_github partner_github verified tags
Hashicorp Vault Integration (Token) Authenticates with Vault using Token ../.icons/vault.svg coder hashicorp true
helper
integration
vault
token

Hashicorp Vault Integration (Token)

This module lets you authenticate with Hashicorp Vault in your Coder workspaces using a Vault token.

variable "vault_token" {
  type        = string
  description = "The Vault token to use for authentication."
  sensitive   = true
}

module "vault" {
  source      = "registry.coder.com/modules/vault-token/coder"
  version     = "1.0.7"
  agent_id    = coder_agent.example.id
  vault_token = var.token
  vault_addr  = "https://vault.example.com"
}

Then you can use the Vault CLI in your workspaces to fetch secrets from Vault:

vault kv get -namespace=coder -mount=secrets coder

or using the Vault API:

curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/secrets/data/coder"

Configuration

To configure the Vault module, you must create a Vault token with the the required permissions and configure the module with the token and Vault address.

  1. Create a vault policy with read access to the secret mount you need your developers to access. 
    vault policy write read-coder-secrets - <<EOF
 path "coder/data/*" {
   capabilities = ["read"]
 }
 path "coder/metadata/*" {
   capabilities = ["read"]
 }
 EOF
  2. Create a token using this policy. 
    vault token create -policy="read-coder-secrets"
  3. Copy the generated token and use in your template.

Examples

Configure Vault integration and install a specific version of the Vault CLI

variable "vault_token" {
  type        = string
  description = "The Vault token to use for authentication."
  sensitive   = true
}

module "vault" {
  source            = "registry.coder.com/modules/vault-token/coder"
  version           = "1.0.7"
  agent_id          = coder_agent.example.id
  vault_addr        = "https://vault.example.com"
  vault_token       = var.token
  vault_cli_version = "1.15.0"
}