auth0

package module
v0.1.2 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 30, 2022 License: MPL-2.0 Imports: 13 Imported by: 0

README

Vault Secrets Plugin - Auth0

Vault secrets plugin to simplify creation, management, and revocation of Auth0 Management API tokens.

Usage

Setup Endpoint
  1. Download and enable plugin locally (TODO)

  2. Configure the plugin

    vault write /auth0/config/root domain=<domain> client_id=<client-id> client_secret=<client-secret>
    
  3. Add one or more policies

Configure Policies

    vault write /auth0/roles/<role-name> scopes=["test"]

You can then read credentials for the role using:

    vault read /auth0/creds/<role-name>

Rotating the Root Token

The plugin supports rotating the configured admin token to seamlessly improve security.

To rotate the token, perform a 'write' operation on the config/rotate-root endpoint:

$ export VAULT_ADDR="http://localhost:8200"
$ vault write -f auth0/config/rotate-root
Key       Value
---       -----
domain    <domain>
id        <client_id>

Generate a new Token

To generate a new token:

Create a new auth0 policy and perform a 'read' operation on the creds/<role-name> endpoint.

# Read credentials for the role (here "test") from the creds endpoint
$ vault read auth0/creds/test
Key                Value
---                -----
lease_id           auth0/creds/test/arwU5tYDdw05Vwa306AOfjeP
lease_duration     24h
lease_renewable    false
token              <token>
token_type         Bearer
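
The lease above is reported as not renewable, so a consumer has to read creds/<role-name> again before the 24h lease ends. The following Go code is an added example, not part of the plugin: it validates the Vault HTTP response for that read and computes when to fetch a fresh token. The auth0/ mount path, the JSON data keys, the 80% margin and the ParseCreds name are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// credsResponse is Vault's HTTP secret envelope; data keys assumed from the CLI output above.
type credsResponse struct {
	LeaseID       string `json:"lease_id"`
	LeaseDuration int    `json:"lease_duration"` // seconds over HTTP; the CLI prints 24h
	Renewable     bool   `json:"renewable"`      // the CLI labels this lease_renewable
	Data          struct {
		Token     string `json:"token"`
		TokenType string `json:"token_type"`
	} `json:"data"`
}

// sampleBody is a constructed response, not captured from a real server.
const sampleBody = `{"lease_id":"auth0/creds/test/EXAMPLE","lease_duration":86400,
"renewable":false,"data":{"token":"example-token","token_type":"Bearer"}}`

// ParseCreds validates a creds response and returns when to re-read (80% of the lease, assumed).
func ParseCreds(body []byte, role string, now time.Time) (credsResponse, time.Time, error) {
	var c credsResponse
	if err := json.Unmarshal(body, &c); err != nil {
		return c, time.Time{}, fmt.Errorf("decode creds response: %w", err)
	}
	if !strings.HasPrefix(c.LeaseID, "auth0/creds/"+role+"/") {
		return c, time.Time{}, errors.New("lease_id does not match the requested role")
	}
	if c.Data.Token == "" || c.Data.TokenType != "Bearer" || c.LeaseDuration <= 0 {
		return c, time.Time{}, errors.New("missing token, token type or lease duration")
	}
	// Plan a re-read of creds/<role-name> rather than a lease renewal.
	ttl := time.Duration(c.LeaseDuration) * time.Second
	return c, now.Add(ttl * 4 / 5), nil
}

func main() {
	c, refreshAt, err := ParseCreds([]byte(sampleBody), "test", time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Printf("lease=%s renewable=%v refresh_at=%s\n", c.LeaseID, c.Renewable, refreshAt.Format(time.RFC3339))
}
```

The program prints the lease ID and refresh time only; the token value stays out of the output.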

Development

The provided Earthfile (think Makefile, but using Docker) is used to build, test, and publish the plugin. See the build targets for more information. Common targets include:

# build a local version of the plugin
$ earthly +build

# execute integration tests
#
# use https://developers.auth0.com/api/tokens/create to create a token
# with 'User:API Tokens:Edit' permissions
$ TEST_auth0_TOKEN=<YOUR_auth0_TOKEN> earthly --secret TEST_auth0_TOKEN +test

# start vault and enable the plugin locally
$ earthly +dev

Documentation


Constants

const (
	SecretTokenType = "token"
)

Variables

This section is empty.

Functions

func Factory

func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error)

Factory configures and returns Mock backends

func WithHeader

func WithHeader(rt http.RoundTripper) withHeader

Types

type Auth0Error

type Auth0Error struct {
	StatusCode int    `json:"statusCode"`
	ErrorType  string `json:"error"`
	Message    string `json:"message"`
	ErrorCode  string `json:"errorCode"`
}

func (Auth0Error) Error

func (e Auth0Error) Error() string

type Client

type Client struct {
	BaseURL string
	// contains filtered or unexported fields
}

func (*Client) Do

func (c *Client) Do(req *http.Request) (*http.Response, error)

type ClientGrantResponse

type ClientGrantResponse struct {
	ID       string   `json:"id"`
	ClientID string   `json:"client_id"`
	Audience string   `json:"audience"`
	Scopes   []string `json:"scope"`
}

type ClientResponse

type ClientResponse struct {
	Tenant                         string `json:"tenant"`
	Global                         bool   `json:"global"`
	IsTokenEndpointIPHeaderTrusted bool   `json:"is_token_endpoint_ip_header_trusted"`
	Name                           string `json:"name"`
	IsFirstParty                   bool   `json:"is_first_party"`
	OIDCConformant                 bool   `json:"oidc_conformant"`
	SSODisabled                    bool   `json:"sso_disabled"`
	CrossOriginAuth                bool   `json:"cross_origin_auth"`
	// RefreshToken
	// SigningKeys
	ClientID            string `json:"client_id"`
	CallbackURLTemplate bool   `json:"callback_url_template"`
	ClientSecret        string `json:"client_secret"`
	// JWTConfiguration
	TokenEndpointAuthMethod string   `json:"token_endpoint_auth_method"`
	AppType                 string   `json:"app_type"`
	GrantTypes              []string `json:"grant_types"`
	CustomLoginPageOn       bool     `json:"custom_login_page_on"`
}

https://auth0.com/docs/api/management/v2#!/Clients/post_rotate_secret TODO: verify if this works also with create client

type CreateClientBody

type CreateClientBody struct {
	Name        string   `json:"name"`
	Description string   `json:"description"`
	GrantTypes  []string `json:"grant_types"`
}

https://auth0.com/docs/api/management/v2#!/Clients/post_clients

type CreateClientGrantBody

type CreateClientGrantBody struct {
	ClientID string   `json:"client_id"`
	Audience string   `json:"audience"`
	Scopes   []string `json:"scope"`
}

Directories

Path Synopsis
cmd
