DEV Community

Troy
Troy

Posted on

HashiCorp Vault+AWS Secrets+Rotation tool?

#vault #aws #secrets #hashicorp

In the process of implementing HashiCorp Vault and utilizing the AWS secrets engine. We have LDAP set up as an auth method and users are able to curl the vault endpoint to pull credentials:

curl --request POST --data @payload.json https://vault-api.test.com/v1/auth/ldap/login/me | jq '.'

curl --header "X-Vault-Token: mytoken" --request GET https://vault-api.test.com/v1/aws/creds/grp-aws-r-usersrole | jq
Enter fullscreen mode Exit fullscreen mode

Access keys are granted - does anyone know of a script/tool that's already in place that:

  1. Securely creates the payload.json with your LDAP password
  2. CURL's the Vault endpoint with the payload
  3. Deletes the payload file
  4. Retrieves the token
  5. CURL's the Vault endpoint with the token to retrieve the ephemeral access keys
  6. Loads the access keys in the .aws/credentials store

I've used https://github.com/Fullscreen/aws-rotate-key before we moved to Vault but it's no longer applicable.

Should I write something and share?

Top comments (1)

Collapse
 
dietertroy profile image
Troy

This is available! github.com/issafram/vault-credenti...

Read next

aybuke profile image

Managing EKS Add-ons with Terraform

Aybüke -

szymonszym profile image

AWS Bedrock, Claude 3, Serverless RAG, Rust

szymon-szym -

elliott_cordo profile image

MWAA Plugins and Dependency Survival Guide

elliott cordo -

arpadt profile image

AWS Advanced Networking Specialty - 15 hands-on exercises for certification success

Arpad Toth -