vault-action
[FEAT] Support IAM / EC2 auth methods
Is your feature request related to a problem? Please describe.
I have private github runners in AWS that already have an instance profile. Calls to vault should be able to leverage that instance profile role or another assumed role to auth.
Describe the solution you'd like
An additional authentication method in this action code that supports vault AWS auth options.
Describe alternatives you've considered
Use sts assume role and vault cli commands to retrieve the secrets in a bash script.
Additional context
https://www.vaultproject.io/docs/auth/aws
Thanks @domingogomez-asto, we're looking into adding more Auth Methods. Additionally, if anyone in the community is interested in contributing, we'd be happy to review!
Is anyone working on this yet? I was gonna take a stab at it but I never touch js ..
Ya, n/m. I thought it was gonna be some simple copypasta as the Vault command line client only needs the role name for IAM auth. It appears to be doing a ton more stuff in the background and after looking at Python examples it's gonna be a tad more complicated. Most likely will require the nodejs SDK for AWS ..
@jasonodonnell Does hashicorp plan on adding AWS IAM auth to this module anytime soon? If not I'm just gonna wrap the Vault client in a Docker action and call it a day.