This module lets you authenticate with Hashicorp Vault in your Coder workspaces using external auth for GitHub.
1module "vault" { 2 source = "registry.coder.com/modules/vault-github/coder" 3 version = "1.0.7" 4 agent_id = coder_agent.example.id 5 vault_addr = "https://vault.example.com" 6}
Then you can use the Vault CLI in your workspaces to fetch secrets from Vault:
1vault kv get -namespace=coder -mount=secrets coder
or using the Vault API:
1curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/secrets/data/coder"
To configure the Vault module, you must set up a Vault GitHub auth method. See the Vault documentation for more information.
github
)1module "vault" { 2 source = "registry.coder.com/modules/vault-github/coder" 3 version = "1.0.7" 4 agent_id = coder_agent.example.id 5 vault_addr = "https://vault.example.com" 6 coder_github_auth_id = "my-github-auth-id" 7}
1module "vault" { 2 source = "registry.coder.com/modules/vault-github/coder" 3 version = "1.0.7" 4 agent_id = coder_agent.example.id 5 vault_addr = "https://vault.example.com" 6 coder_github_auth_id = "my-github-auth-id" 7 vault_github_auth_path = "my-github-auth-path" 8}
1module "vault" { 2 source = "registry.coder.com/modules/vault-github/coder" 3 version = "1.0.7" 4 agent_id = coder_agent.example.id 5 vault_addr = "https://vault.example.com" 6 vault_cli_version = "1.15.0" 7}