modules/vault-jwt
Muhammad Atif Ali d3a796e91d Fix variable names in Vault JWT module scripts
- Correct the variable name in `main.tf` and `run.sh` to ensure they are consistent and match expected inputs for Vault CLI interactions.
10 months ago
README.md docs: update OIDC link in Vault JWT README 10 months ago
main.test.ts feat: add Hashicorp Vault JWT integration module 10 months ago
main.tf Fix variable names in Vault JWT module scripts 10 months ago
run.sh Fix variable names in Vault JWT module scripts 10 months ago

README.md

display_name: Hashicorp Vault Integration (JWT)
description: Authenticates with Vault using a JWT from Coder's OIDC provider
icon: ../.icons/vault.svg
maintainer_github: coder
partner_github: hashicorp
verified: true
tags: helper, integration, vault, jwt, oidc

Hashicorp Vault Integration (JWT)

This module lets you authenticate with Hashicorp Vault in your Coder workspaces using a JWT from Coder's OIDC authentication method.

module "vault" {
  source         = "registry.coder.com/modules/vault-jwt/coder"
  version        = "1.0.17"
  agent_id       = coder_agent.example.id
  vault_addr     = "https://vault.example.com"
  vault_jwt_role = "coder" # The Vault role to use for authentication
}

Then you can use the Vault CLI in your workspaces to fetch secrets from Vault:

vault kv get -namespace=coder -mount=secrets coder

or using the Vault API:

curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/secrets/data/coder"


Configuration

To configure the Vault module, you must set up a Vault JWT auth method. See the Vault documentation for more information.
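
A sketch of the Vault-side setup the module depends on, written with the hashicorp/vault Terraform provider. This is an added example, not part of the module or its README; the issuer URL, the audience value, the "jwt" mount path, the "sub" user claim and the policy name are assumptions to replace with your own values.

```hcl
terraform {
  required_providers {
    vault = {
      source = "hashicorp/vault"
    }
  }
}

provider "vault" {
  address   = "https://vault.example.com" # same value as the module's vault_addr
  namespace = "coder"                     # namespace used in the README's `vault kv get`
  # Admin credentials are read from the VAULT_TOKEN environment variable.
}

# Mount the JWT auth method. The path "jwt" is assumed here; if you mount it
# elsewhere, pass that path to the module as vault_jwt_auth_path.
resource "vault_jwt_auth_backend" "coder" {
  type               = "jwt"
  path               = "jwt"
  oidc_discovery_url = "https://coder.example.com" # placeholder issuer URL
  bound_issuer       = "https://coder.example.com" # reject tokens from any other issuer
}

# Read-only access to the one secret the README fetches (KV v2 mount "secrets").
resource "vault_policy" "coder_read" {
  name   = "coder-read" # hypothetical policy name
  policy = <<-EOT
    path "secrets/data/coder" {
      capabilities = ["read"]
    }
  EOT
}

# The role the module logs in to; role_name must match vault_jwt_role.
resource "vault_jwt_auth_backend_role" "coder" {
  backend         = vault_jwt_auth_backend.coder.path
  role_name       = "coder"
  role_type       = "jwt"
  user_claim      = "sub"                     # assumed claim identifying the user
  bound_audiences = ["REPLACE_WITH_AUDIENCE"] # placeholder: the aud value in your tokens
  token_policies  = [vault_policy.coder_read.name]
  token_ttl       = 3600  # seconds; keeps workspace tokens short-lived
  token_max_ttl   = 14400 # seconds
}
```

If vault_jwt_role is derived from the workspace owner's group, a role with that exact name has to exist for every group, each attached to its own least-privilege policy.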

Examples

Configure Vault integration with a non-standard auth path

module "vault" {
  source              = "registry.coder.com/modules/vault-jwt/coder"
  version             = "1.0.17"
  agent_id            = coder_agent.example.id
  vault_addr          = "https://vault.example.com"
  vault_jwt_auth_path = "oidc"
  vault_jwt_role      = "coder" # The Vault role to use for authentication
}

Configure Vault integration with a role from your OIDC provider by mapping the workspace owner's group to a Vault role

data "coder_workspace_owner" "me" {}

module "vault" {
  source         = "registry.coder.com/modules/vault-jwt/coder"
  version        = "1.0.7"
  agent_id       = coder_agent.example.id
  vault_addr     = "https://vault.example.com"
  vault_jwt_role = data.coder_workspace_owner.me.groups[0]
}

Configure Vault integration and install a specific version of the Vault CLI

module "vault" {
  source            = "registry.coder.com/modules/vault-jwt/coder"
  version           = "1.0.17"
  agent_id          = coder_agent.example.id
  vault_addr        = "https://vault.example.com"
  vault_jwt_role    = "coder" # The Vault role to use for authentication
  vault_cli_version = "1.17.5"
}