HomeDevCentral
Diffusion Nasqueron Operations 02c2202539c6

Allow to issue Vault token with admin policy
02c2202539c6
Actions

Description

Allow to issue Vault token with admin policy

Summary:
Ops need to authenticate to Vault to manage PKI, credentials, mounts, policies.
This is covered by the 'admin' policy.

To facilitate the authentication, this script allows each ops member to issue
such token as a self-service facility.

Usage: sudo utils/vault/issue-admin-token.py [--insecure]

The --insecure argument allows to use this script even if the TLS certificate
has expired. That's required to issue through Vault a new certificate.

Ref T1975

Test Plan:
Tested on Complector with sudo utils/vault/issue-admin-token.py
by Dorian and me to get our new tokens.

Reviewers: DorianWinty

Reviewed By: DorianWinty

Maniphest Tasks: T1975

Differential Revision: https://devcentral.nasqueron.org/D3357

Details

Provenance
derecksonAuthored on Jul 7 2024, 13:51
derecksonPushed on Jul 9 2024, 22:33
Reviewer
DorianWinty
Differential Revision
D3357: Allow to issue Vault token with admin policy
Parents
rOPSac101a5a5af9: Require pre-commit itself
Branches
Unknown
Tags
Unknown
Tasks
T1975: Allow ops to login to Vault

Changes (2)

PathSize
roles/
salt-primary/
software/
utils/
vault/

rOPS02c2202539c6

View Options

roles/salt-primary/software/init.sls

Loading...
View Options

utils/vault/issue-admin-token.py

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator