Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vault Auth to return only token #2855

Closed
martinssipenko opened this issue Jun 14, 2017 · 2 comments
Closed

Vault Auth to return only token #2855

martinssipenko opened this issue Jun 14, 2017 · 2 comments
Milestone
0.8.0

Comments

@martinssipenko
Copy link
Contributor

Hi,

Is there a way to make vault auth return only the token in output? I'd like to use Vault CLI to authenticate my EC2 instance using AWS Backend, but I'd like to avoid writing custom code for this particular use case. I'm aware that Vault API could be used, however with AWS Auth backend it's not so trivial.

Perhaps it would be possible to add some sort of flag, that would just return the token, or add a flag using which the output would be machine readable?
@jefferai
Copy link
Member

Hi @martinssipenko

The reason there isn't a format flag right now is that we return a lot of other textual information to clients, since it's meant to be for humans.

One possibility would be a pretty trivial grep/sed to pull the token out, since there is known text in front and a newline after.

Another might be to add a flag specifically to the AWS CLI helper that will return the encoded JSON that needs to be sent to Vault. Then you could use the CLI to get the headers and pipe that into a curl call, and have the output of that go to jq or so.

@jefferai jefferai added this to the 0.7.4 milestone Jun 14, 2017
jefferai added a commit that referenced this issue Jul 4, 2017
@jefferai
Add token-only.
e8a9745 
Fixes #2855
@jefferai jefferai mentioned this issue Jul 4, 2017
Merged
joelthompson added a commit to joelthompson/vault that referenced this issue Jul 18, 2017
@joelthompson
Let AWS auth CLI helper only generate login data
49bfe72 
This will be useful to other golang clients so they can manage the login
process themselves.

Also helps for hashicorp#2855
jefferai pushed a commit that referenced this issue Jul 18, 2017
@joelthompson @jefferai
Let AWS auth CLI helper only generate login data (#3015)
98e3c9e 
* Let AWS auth CLI helper only generate login data

This will be useful to other golang clients so they can manage the login
process themselves.

Also helps for #2855

* Respond to PR feedback
@jefferai jefferai modified the milestones: 0.7.4, 0.8.0 Jul 24, 2017
@spkane
Copy link

spkane commented Dec 20, 2023

This works nowadays:

vault write --field=token auth/approle/login role_id=REDACTED secret_id=REDACTED

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.8.0
Development

No branches or pull requests
3 participants
@jefferai @spkane @martinssipenko