Logging into Hashicorp Vault via a GitHub token in the environment

I've been working with Hashicorp Vault a fair bit over the years, and with one Vault instance I use, it requires login via a GitHub token.

When logging in, it defaults to requiring this to be interactive:

$ vault login -method github
GitHub Personal Access Token (will be hidden):

This is a bit of a pain, as then I need to go and fetch my GitHub token (usually via gh auth token) and enter it interactively.

Something handy is that Vault has a built-in way to pick this up via the environment variable VAULT_AUTH_GITHUB_TOKEN.

(Aside: I've raised a PR to get this documented more clearly, as the closest we see is the API docs, which is for a slightly different purpose)

With this environment variable set, vault will then try to authenticate with this.

This means that instead, you can run:

$ env VAULT_AUTH_GITHUB_TOKEN=ghp_... vault login -method github
# or
$ env VAULT_AUTH_GITHUB_TOKEN=$(gh auth token) vault login -method github
Success! You are now authenticated. ...

This is super handy, and simplifies getting logged in.

Written by Jamie Tanna's profile image Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#blogumentation #vault #github.

This post was filed under articles.

Interactions with this post

Interactions with this post

Below you can find the interactions that this page has had using WebMention.

Have you written a response to this post? Let me know the URL:

Do you not have a website set up with WebMention capabilities? You can use Comment Parade.