Is your feature request related to a problem? Please describe.
KMS Transit (Vault) can't connect to a HashiCorp Vault instance in Kubernetes using Vault's k8s auth method.
Describe the solution you'd like
I want to set parameters like this: (minimum)
With this in place, I can use Boundary to authenticate against Vault using Vault's k8s auth method based on the k8s Service Account. So the Vault setup will be responsible for giving the proper permissions to the Boundary k8s service account via policy and Vault Role.
This can be an alternative to authenticate Boundary to Vault without client TLS certificates and token. This is gonna be very helpful when you have both Vault and Boundary set up in a k8s cluster.
Normally the way you'd handle this is via using Vault Agent to auto-auth and provide the token to Boundary. Please take a look at https://developer.hashicorp.com/vault/docs/agent-and-proxy/autoauth/methods/kubernetes which describes auto-auth via the Kubernetes auth method. The token can be written to a file and sourced as env var VAULT_TOKEN when launching.
It's a bit convoluted but can be done today; I think it would be nice if in the future the transit wrapper could source from a file in a manner similar to how much of Boundary's configuration works, which would make this simpler.
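The workaround described in the comment above, as an added sketch that is not part of the original thread and not HashiCorp's own code: Vault Agent authenticates with the Kubernetes auth method and writes the token to a file sink, and a launcher exports that file as `VAULT_TOKEN` before starting Boundary. The Vault address, the role name `boundary`, the file paths and the helper names `write_agent_config` and `load_vault_token` are assumptions.

```shell
#!/bin/sh
# Added example. Assumed values: Vault address, role "boundary", all file paths.
TOKEN_SINK="${TOKEN_SINK:-/vault/token/.vault-token}"

# Vault Agent config: Kubernetes auto-auth, resulting token written to a file sink.
write_agent_config() {
  cat > "$1" <<EOF
vault {
  address = "https://vault.example.internal:8200"
}
auto_auth {
  method "kubernetes" {
    mount_path = "auth/kubernetes"
    config = {
      role       = "boundary"
      token_path = "/var/run/secrets/kubernetes.io/serviceaccount/token"
    }
  }
  sink "file" {
    config = {
      path = "$TOKEN_SINK"
      mode = 0600
    }
  }
}
EOF
}

# Wait up to $2 seconds for the sink file, reject it if group/other can
# access it, then export its content as VAULT_TOKEN.
load_vault_token() {
  file="$1"; tries="${2:-30}"
  while [ ! -s "$file" ]; do
    tries=$((tries - 1))
    if [ "$tries" -le 0 ]; then echo "no token in $file" >&2; return 1; fi
    sleep 1
  done
  if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
    echo "$file is accessible to group/other" >&2; return 1
  fi
  VAULT_TOKEN="$(cat "$file")"; export VAULT_TOKEN
}

# Entry point for the Boundary container; the agent may equally run as a sidecar.
if [ "${1:-}" = "start" ]; then
  write_agent_config /vault/agent.hcl
  vault agent -config=/vault/agent.hcl &
  load_vault_token "$TOKEN_SINK" && exec boundary server -config=/boundary/config.hcl
fi
```

The environment variable is fixed when the process starts, so a token the agent writes to the sink later is not seen by the already running Boundary process.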
The Kubernetes auth method brings this file to the pod (default path): /var/run/secrets/kubernetes.io/serviceaccount/token
Then on the Boundary side, the auth configuration would resume to:
or more customized like:
Pull Request: hashicorp/go-kms-wrapping#177