You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
vault-ruby currently supports the 'bound_cidrs' option for the AppRole auth method.
The 'bound_cidrs' option is deprecated in favour of the 'secret_id_bound_cidrs' and 'token_bound_cidrs' options. Could support for these new options please be added?
The lack of support for these options is the likely cause of an issue we see with our custom Puppet types and providers leveraging the vault-ruby gem to write the config.
A Puppet manifest configuring an AppRole might look like this:
The issue we are seeing is that all AppRoles are created and work as expected but are reconfigured on each Puppet run, this is due to the subnet mask being stripped from the configured ‘token_bound_cidrs’ as shown in the Puppet run output below:
Having same issue running Vault enterprise behind CloudFlare proxy. The token_bound_cidrs and secret_id_bound_cidrs does not work because client request ends at proxy and vault does not check for "x-forwarded-ip"
can you please suggest a solution for this issue ?
vault-ruby currently supports the 'bound_cidrs' option for the AppRole auth method.
The 'bound_cidrs' option is deprecated in favour of the 'secret_id_bound_cidrs' and 'token_bound_cidrs' options. Could support for these new options please be added?
The lack of support for these options is the likely cause of an issue we see with our custom Puppet types and providers leveraging the vault-ruby gem to write the config.
A Puppet manifest configuring an AppRole might look like this:
The issue we are seeing is that all AppRoles are created and work as expected but are reconfigured on each Puppet run, this is due to the subnet mask being stripped from the configured ‘token_bound_cidrs’ as shown in the Puppet run output below:
The text was updated successfully, but these errors were encountered: