mirror of
https://github.com/hashicorp/vault-action.git
synced 2026-04-15 16:25:43 +00:00
Implement JWT auth (#188)
This commit is contained in:
Raman Harnak
GitHub
parent
8417c61f8a
commit
9e8f22534f
8 changed files with 275 additions and 2 deletions
15
README.md
15
README.md
|
|
@ -86,6 +86,17 @@ with:
|
|||
githubToken: ${{ secrets.MY_GITHUB_TOKEN }}
|
||||
caCertificate: ${{ secrets.VAULTCA }}
|
||||
```
|
||||
- **jwt**: you must provide a `role` & `jwtPrivateKey` parameters, additionally you can pass `jwtKeyPassword` & `jwtTtl` parameters
|
||||
```yaml
|
||||
...
|
||||
with:
|
||||
url: https://vault.mycompany.com:8200
|
||||
method: jwt
|
||||
role: github-action
|
||||
jwtPrivateKey: ${{ secrets.JWT_PRIVATE_KEY }}
|
||||
jwtKeyPassword: ${{ secrets.JWT_KEY_PASS }}
|
||||
jwtTtl: 3600 # 1 hour, default value
|
||||
```
|
||||
|
||||
If any other method is specified and you provide an `authPayload`, the action will attempt to `POST` to `auth/${method}/login` with the provided payload and parse out the client token.
|
||||
|
||||
|
|
@ -254,6 +265,10 @@ Here are all the inputs available through `with`:
|
|||
| `roleId` | The Role Id for App Role authentication | | |
|
||||
| `secretId` | The Secret Id for App Role authentication | | |
|
||||
| `githubToken` | The Github Token to be used to authenticate with Vault | | |
|
||||
| `role` | Vault role for specified auth method | | |
|
||||
| `jwtPrivateKey` | Base64 encoded Private key to sign JWT | | |
|
||||
| `jwtKeyPassword` | Password for key stored in jwtPrivateKey (if needed) | | |
|
||||
| `jwtTtl` | Time in seconds, after which token expires | | 3600 |
|
||||
| `authPayload` | The JSON payload to be sent to Vault when using a custom authentication method. | | |
|
||||
| `extraHeaders` | A string of newline separated extra headers to include on every request. | | |
|
||||
| `exportEnv` | Whether or not export secrets as environment variables. | `true` | |
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue