This repository was archived by the owner on May 15, 2025. It is now read-only.
makes the vault token variable optional,
meaning that template creators can use the vault token module just to install vault cli, without it configuring a token environment variable.
the template creator can then log into vault with their own script,
or they can ask the user to manually run the vault login command
potential future change: refactor the vault-jwt and the vault-github modules in this repo to call this module for installing vault, and their scripts only need to call the relevant login command, they don't need to download and install vault. makes maintaining easier if you have just one install script.
my particular use case:
I switched from having a jwt generated in the coder template,
instead I now have a k8s operator that generates a new vault token (hashicorp/vault-secrets-operator#1062), and saves it to a k8s secret.
that token is short lived and is rotated regularly, the k8s secret always has a valid freshly generated vault token
the vault token secret is mounted as a file to the workspace container,
and is symlinked over the ~/.vault-token file
therefore, no authentication to vault ever occurs inside the container,
providing the token via envvar would result in the token expiring and not being updated with the secret,
and I didn't want to create my own new vault coder module
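The rotation behaviour described in this use case, as an added example that is not part of the pull request or the module's code: it simulates a mounted secret being rotated and compares a token read through a `~/.vault-token` symlink with a value copied into a variable at startup. The directory names, the `publish_secret` and `demo` helpers and the token values are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: every path and token value below is made up, and nothing
# contacts Vault or Kubernetes.

# Publish a secret version the way a mounted Kubernetes secret is laid out:
# data lives in a versioned directory and the ..data symlink selects it.
# (The kubelet swaps ..data atomically; ln -sfn approximates that here.)
publish_secret() {  # $1 = mount dir, $2 = version name, $3 = token value
  mkdir -p "$1/..$2"
  printf '%s' "$3" > "$1/..$2/token"
  ln -sfn "..$2" "$1/..data"
}

demo() {
  work=$(mktemp -d) || return 1
  mount="$work/vault-token-secret"   # stands in for the secret volume mount
  home="$work/home"                  # stands in for the workspace user's $HOME
  mkdir -p "$mount" "$home"

  publish_secret "$mount" v1 "constructed-token-v1"
  ln -s "..data/token" "$mount/token"        # stable path inside the mount
  ln -s "$mount/token" "$home/.vault-token"  # file the Vault CLI reads

  # Environment-variable approach: the value is copied once at workspace start.
  env_token=$(cat "$mount/token")

  # The operator rotates the token; only the ..data symlink changes.
  publish_secret "$mount" v2 "constructed-token-v2"

  # The symlinked file follows the rotation, the copied variable does not.
  file_token=$(cat "$home/.vault-token")
  rm -rf "$work"
  printf 'file=%s env=%s\n' "$file_token" "$env_token"
}

demo
```

The Vault CLI prefers `VAULT_TOKEN` over `~/.vault-token` when both are set, so the variable has to stay unset for the file to take effect. Secret volumes mounted with `subPath` do not receive updates, so the whole secret directory needs to be mounted.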
moo-im-a-cow changed the title from "feat(vault-token): make supplying a vault token optional" to "feat( vault-token/main.tf): make supplying a vault token optional" on May 9, 2025
moo-im-a-cow changed the title from "feat( vault-token/main.tf): make supplying a vault token optional" to "feat(vault-token/main.tf): make supplying a vault token optional" on May 9, 2025
moo-im-a-cow changed the title from "feat(vault-token/main.tf): make supplying a vault token optional" to "feat(vault-token): make supplying a vault token optional" on May 9, 2025
Labels: community (Pull Requests and issues created by the community.)