Score:0

Hashicorp Vault How Do I Login Headless From STDIN Using Bash Shell?

us flag

Given a Bash Shell say in a Docker container running on Gitlab, for example, how would I get the password to get passed in?

When I login with this:

 $ vault login -method=ldap username=myusername

It asks me for a password.

How do I get the prompt to not stop and for the password to be passed in as a variable?

I plan on using Gitlab Variables to pass in my password.

Score:1
cn flag

You should consider using JWT (JSON Web Token) mutual authentication between Gitlab and Vault. This way there's no need to save any passwords anywhere (including variables), that is you first obtain a temporary Vault token via JWT Auth like this:

export VAULT_TOKEN="$(vault write -field=token auth/jwt/login role=builder jwt=$CI_JOB_JWT)"

And then you can access necessary secrets like this:

export VCENTER_USER="$(vault kv get -field=username /kv/builder/vcenter-auth)"
export VCENTER_PASSWORD="$(vault kv get -field=password /kv/builder/vcenter-auth)"

And when finished you can revoke this temporary token by:

vault token revoke -self
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.