cloudflare

v1.0.0
Warning

This package is not in the latest version of its module.
Published: Apr 24, 2023 License: Unlicense Imports: 10 Imported by: 0

README

Vault Plugin: Cloudflare Access

This is a standalone backend plugin for use with HashiCorp Vault. It lets Vault issue and revoke Cloudflare Access service tokens.

This plugin creates ✨ zone-level 🧙 Access service tokens. If you want the regular account-wide stuff, pull requests are welcome. :neckbeard:

Getting Started

This is a Vault plugin and is meant to work with Vault. This guide assumes you have already installed Vault and have a basic understanding of how Vault works.

Otherwise, first read this guide on how to get started with Vault.

To learn specifically about how plugins work, see the documentation on Vault plugins.

Installation

Currently no built release is distributed, so you'll have to build from source for your chosen OS and architecture.

  1. Clone this repository and change directory into the root.
  2. For good measure, run some tests with go test -v
  3. Change directory into cmd/vault-plugin-secrets-cloudflare-access
  4. Build the plugin with go build, then compute the SHA256 hash of the binary.
  5. Install the plugin and register it with the hash; see the Vault plugin docs for more information.

Setup (Cloudflare)

  1. Sign in to your Cloudflare dashboard and head over to your API Tokens page.
  2. Create a new token that has Edit access to Access: Service Tokens.
  3. Keep the tab showing the secret token open for now; you shall need it.

Setup (Vault)

  1. With the plugin installed from the steps above, mount it at some endpoint of your choosing:
       vault secrets enable -path=cloudflare-access vault-plugin-secrets-cloudflare-access
  2. Configure the plugin:
       vault write cloudflare-access/config api_token=<API token from Cloudflare in that tab you kept open>
  3. Create a role for the zone you are going to create tokens for (see the Cloudflare docs for getting the Zone ID):
       vault write cloudflare-access/role/alice zone_id=<The Zone ID>
  4. To test that it works, retrieve a new Cloudflare Access service token from Vault:
       vault read cloudflare-access/creds/alice
  5. You should now have a service token for Cloudflare Access. Now let's revoke it (using the lease_id from the output):
       vault lease revoke cloudflare-access/creds/alice/<lease id>

All good, remember to close that tab from the Cloudflare dashboard showing your secret API token. 🙏
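
The install and setup steps above as one script, added here as an example and not part of the plugin's repository: it pins the SHA256 of the built binary, registers and mounts the plugin, and passes the API token on stdin (`api_token=-`, a general Vault CLI feature) so it stays out of argv and shell history. The plugin directory argument, the `DRY_RUN` switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the plugin repository.
# Assumptions: DRY_RUN switch, function names, plugin directory passed by caller
# (it must be the plugin_directory set in the Vault server configuration).
PLUGIN=vault-plugin-secrets-cloudflare-access
MOUNT=cloudflare-access

# Print the SHA256 of a file as lowercase hex, using whichever tool exists.
plugin_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_plugin <file> <expected hex>: non-zero if the file no longer matches.
# Useful later to audit that the installed binary is still the registered one.
verify_plugin() {
    [ "$(plugin_sha256 "$1")" = "$2" ]
}

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# register_plugin <built binary> <plugin directory>
# Hashes the build output, installs it, and refuses to register if the
# installed copy does not hash to the same value.
register_plugin() {
    built=$1 dir=$2
    [ -f "$built" ] || { echo "no such binary: $built" >&2; return 1; }
    want=$(plugin_sha256 "$built")
    cp "$built" "$dir/$PLUGIN" || return 1
    verify_plugin "$dir/$PLUGIN" "$want" || { echo "hash mismatch" >&2; return 1; }
    run vault plugin register -sha256="$want" secret "$PLUGIN"
    run vault secrets enable -path="$MOUNT" "$PLUGIN"
}

# configure <role> <zone id>: the Cloudflare API token is read from stdin.
configure() {
    run vault write "$MOUNT/config" api_token=-
    run vault write "$MOUNT/role/$1" zone_id="$2"
}
```

Source the file, call `register_plugin` with the build output and your plugin directory, then pipe the token into `configure alice <zone id>`.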

Contribute

Pull requests welcome, and be nice.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Factory

func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error)

Types

This section is empty.

Directories

Path Synopsis
cmd