
A simple agent to authenticate an AWS EC2 instance against Hashicorp Vault


Brightspace/vault-ec2auth


Vault-EC2Auth

This agent is intended to make EC2 authentication against Vault as simple as possible. Launch the agent in the background, and any time you need to access Vault, your token is available at ~/.vault-token, the default location where the vault CLI looks for its access token.

Quick start

Options for getting started:

Typical usage:

  • Run once and exit: vault-ec2auth -role my_role
  • Run as agent: vault-ec2auth -agent -role my_role

How it works

Upon launch, the agent will immediately attempt to connect to Vault at https://vault.service.consul:8200 to retrieve a token for the requested role.

The token is written to ~/.vault-token and the nonce to ~/.vault-nonce.

If running in agent mode, it will then block for half of the lease duration before attempting to reauthenticate with Vault using the nonce value stored in ~/.vault-nonce.
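The storage and renewal steps described above, as an added Go example (not the project's own code): it parses a login response, keeps the token and nonce in owner-only files, and returns the half-lease wait. The names login, writeSecret and persistLogin, the sample response, and the assumption that the nonce arrives in the response's auth.metadata field are this example's, not taken from the tool.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"time"
)

// login holds the fields of a Vault login response that are used here.
type login struct {
	Auth struct {
		ClientToken   string            `json:"client_token"`
		LeaseDuration int               `json:"lease_duration"` // seconds
		Metadata      map[string]string `json:"metadata"`
	} `json:"auth"`
}

// writeSecret writes data owner-only (0600), then renames it over path.
func writeSecret(path, data string) error {
	tmp := path + ".tmp"
	os.Remove(tmp) // a stale temp file would keep its old permissions
	if err := os.WriteFile(tmp, []byte(data), 0600); err != nil {
		return err
	}
	return os.Rename(tmp, path)
}

// persistLogin stores token and nonce under dir and returns half the lease.
func persistLogin(body []byte, dir string) (time.Duration, error) {
	var l login
	if json.Unmarshal(body, &l) != nil || l.Auth.ClientToken == "" || l.Auth.LeaseDuration <= 0 {
		return 0, fmt.Errorf("login response is malformed or has no usable token or lease")
	}
	err := writeSecret(filepath.Join(dir, ".vault-token"), l.Auth.ClientToken)
	if n := l.Auth.Metadata["nonce"]; err == nil && n != "" { // keep the old nonce if none is returned
		err = writeSecret(filepath.Join(dir, ".vault-nonce"), n)
	}
	return time.Duration(l.Auth.LeaseDuration) * time.Second / 2, err
}

func main() {
	// Constructed sample response; token and nonce are made-up values.
	body := []byte(`{"auth":{"client_token":"example-token","lease_duration":3600,"metadata":{"nonce":"example-nonce"}}}`)
	dir, _ := os.MkdirTemp("", "vault-demo") // stands in for the home directory
	defer os.RemoveAll(dir)
	fmt.Println(persistLogin(body, dir))
}
```

Writing through a temporary file and renaming means a process reading ~/.vault-token during a renewal sees either the old token or the new one, never a partial write.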

Documentation

  • Additional options can be seen by running the tool with no parameters.

Running as an agent

When the -agent argument is provided, the agent blocks until cancelled with Ctrl+C. In this mode, leases are automatically renewed at the half-life of the lease.

Versioning

Vault EC2Auth Agent releases are maintained under the Semantic Versioning guidelines.

Contributing

Please read through our contributing guidelines. Included are directions for opening issues, coding standards, and notes on development.
