vault-auth-plugin-guacamole

v0.0.0-...-84836cb
Published: Oct 19, 2020 License: MPL-2.0 Imports: 5 Imported by: 0

README

Sample Auth Method Plugin for HashiCorp Vault

This repository contains sample code for a HashiCorp Vault Auth Plugin. It is both a real custom Vault auth method, and an example of how to build, install, and maintain your own Vault auth plugin.

This code is for educational purposes only. It demonstrates a basic Vault Auth Plugin. It is not secure. Do not use it in production.

For more information, see the accompanying blog post.

Setup

The setup guide assumes some familiarity with Vault and Vault's plugin ecosystem. You must have a Vault server already running, unsealed, and authenticated.

  1. Download and decompress the latest plugin binary from the Releases tab on GitHub. Alternatively you can compile the plugin from source.

  2. Move the compiled plugin into Vault's configured plugin_directory:

$ mv vault-auth-plugin-example /etc/vault/plugins/vault-auth-plugin-example

  3. Calculate the SHA256 of the plugin and register it in Vault's plugin catalog. If you are downloading the pre-compiled binary, it is highly recommended that you use the published checksums to verify integrity.

$ export SHA256=$(shasum -a 256 "/etc/vault/plugins/vault-auth-plugin-example" | cut -d' ' -f1)

$ vault write sys/plugins/catalog/example-auth-plugin \
    sha_256="${SHA256}" \
    command="vault-auth-plugin-example"

  4. Mount the auth method:

$ vault auth enable \
    -path="example" \
    -plugin-name="example-auth-plugin" plugin
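
The integrity check recommended in the checksum step above can be scripted so that a digest is only produced when it matches the published value. This is an added example, not part of the plugin's repository; the checksum file name SHA256SUMS, its "<sha256>  <filename>" layout, and the helper names sha256_of and verified_sha256 are assumptions.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded plugin binary against a published
# checksum list before registering it in Vault's plugin catalog.
# Assumption: the checksum file uses the "<sha256>  <filename>" layout written
# by sha256sum/shasum; the file name SHA256SUMS is hypothetical.

# Print the lowercase hex SHA-256 of a file, using whichever tool is present.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verified_sha256 <binary> <checksum-file>
# Prints the digest only if it matches the published entry for the binary's
# file name. Returns 2 if the list has no entry for it, 1 on a mismatch.
verified_sha256() {
  local bin="$1" sums="$2" name expected actual
  name="$(basename "$bin")"
  # Match the file-name column exactly; sha256sum marks binary mode with '*'.
  expected="$(awk -v n="$name" \
    '$2 == n || $2 == ("*" n) { print tolower($1); exit }' "$sums")"
  if [ -z "$expected" ]; then
    echo "no published checksum for $name" >&2
    return 2
  fi
  actual="$(sha256_of "$bin")" || return 1
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $name: refusing to register" >&2
    return 1
  fi
  printf '%s\n' "$actual"
}

# Usage, with the same paths and catalog name as the steps above:
#   SHA256="$(verified_sha256 /etc/vault/plugins/vault-auth-plugin-example SHA256SUMS)" &&
#   vault write sys/plugins/catalog/example-auth-plugin \
#       sha_256="${SHA256}" command="vault-auth-plugin-example"
```

Because the `vault write` is chained with `&&`, a missing or mismatched checksum stops the registration instead of cataloguing whatever binary happens to be on disk.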

Authenticating with the Shared Secret

To authenticate, the user supplies the shared secret:

$ vault write auth/example/login password="super-secret-password"

The response will be a standard auth response with some token metadata:

Key             	Value
---             	-----
token           	b62420a6-ee83-22a4-7a15-a908af658c9f
token_accessor  	9eff2c4e-e321-3903-413e-a5084abb631e
token_duration  	30s
token_renewable 	true
token_policies  	[default my-policy other-policy]
token_meta_fruit	"banana"

Should I Use This?

No, please do not. This is an example Vault Plugin that should be used for learning purposes. Having a shared phrase that gives anyone access to Vault is highly discouraged and a security anti-pattern. This code should be used for educational purposes only.

License

This code is licensed under the MPLv2 license.
