Logging into Hashicorp Vault via a GitHub token in the environment
This post's featured URL for sharing metadata is https://www.jvt.me/img/profile.jpg.
I've been working with Hashicorp Vault a fair bit over the years, and with one Vault instance I use, it requires login via a GitHub token.
When logging in, it defaults to requiring this to be interactive:
$ vault login -method github
GitHub Personal Access Token (will be hidden):
This is a bit of a pain, as then I need to go and fetch my GitHub token (usually via gh auth token
) and enter it interactively.
Something handy is that Vault has a built-in way to pick this up via the environment variable VAULT_AUTH_GITHUB_TOKEN
.
(Aside: I've raised a PR to get this documented more clearly, as the closest we see is the API docs, which is for a slightly different purpose)
With this environment variable set, vault
will then try to authenticate with this.
This means that instead, you can run:
$ env VAULT_AUTH_GITHUB_TOKEN=ghp_... vault login -method github
# or
$ env VAULT_AUTH_GITHUB_TOKEN=$(gh auth token) vault login -method github
Success! You are now authenticated. ...
This is super handy, and simplifies getting logged in.