DEV Community


Posted on

HashiCorp Vault+AWS Secrets+Rotation tool?

In the process of implementing HashiCorp Vault and utilizing the AWS secrets engine. We have LDAP set up as an auth method and users are able to curl the vault endpoint to pull credentials:

curl --request POST --data @payload.json | jq '.'

curl --header "X-Vault-Token: mytoken" --request GET | jq
Enter fullscreen mode Exit fullscreen mode

Access keys are granted - does anyone know of a script/tool that's already in place that:

  1. Securely creates the payload.json with your LDAP password
  2. CURL's the Vault endpoint with the payload
  3. Deletes the payload file
  4. Retrieves the token
  5. CURL's the Vault endpoint with the token to retrieve the ephemeral access keys
  6. Loads the access keys in the .aws/credentials store

I've used before we moved to Vault but it's no longer applicable.

Should I write something and share?

Top comments (1)

dietertroy profile image