This module lets you authenticate with HashiCorp Vault in your Coder workspaces using a Vault token.
```tf
variable "vault_token" {
  type        = string
  description = "The Vault token to use for authentication."
  sensitive   = true
}

module "vault" {
  source      = "registry.coder.com/modules/vault-token/coder"
  version     = "1.0.7"
  agent_id    = coder_agent.example.id
  vault_token = var.vault_token
  vault_addr  = "https://vault.example.com"
}
```
Then you can use the Vault CLI in your workspaces to fetch secrets from Vault:
```shell
vault kv get -namespace=coder -mount=secrets coder
```
or using the Vault API:
```shell
curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/secrets/data/coder"
```
To configure the Vault module, you must create a Vault token with the required permissions and configure the module with the token and Vault address.
```shell
vault policy write read-coder-secrets - <<EOF
path "coder/data/*" {
  capabilities = ["read"]
}
path "coder/metadata/*" {
  capabilities = ["read"]
}
EOF
```
```shell
vault token create -policy="read-coder-secrets"
```
```tf
variable "vault_token" {
  type        = string
  description = "The Vault token to use for authentication."
  sensitive   = true
}

module "vault" {
  source            = "registry.coder.com/modules/vault-token/coder"
  version           = "1.0.7"
  agent_id          = coder_agent.example.id
  vault_addr        = "https://vault.example.com"
  vault_token       = var.vault_token
  vault_cli_version = "1.15.0"
}
```
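A pre-flight check for the token created above, as an added example that is not part of the module or its documentation: it inspects the JSON printed by `vault token lookup -format=json` and reports anything beyond the `read-coder-secrets` scope before the token is set as `vault_token`. The sample documents, the allowed-policy set and the TTL ceiling are assumptions constructed for illustration.

```python
import json

REQUIRED_POLICY = "read-coder-secrets"            # policy name used on this page
ALLOWED_POLICIES = {"default", REQUIRED_POLICY}   # assumption: "default" is tolerated
MAX_TTL_SECONDS = 32 * 24 * 3600                  # assumption: local ceiling, adjust as needed

# Constructed samples shaped like `vault token lookup -format=json` output (trimmed).
SAMPLE_OK = json.dumps({"data": {
    "display_name": "token", "policies": ["default", "read-coder-secrets"],
    "ttl": 86400, "renewable": True, "num_uses": 0}})
SAMPLE_ROOT = json.dumps({"data": {
    "display_name": "root", "policies": ["root"],
    "ttl": 0, "renewable": False, "num_uses": 0}})


def audit_token(lookup_json, allowed=ALLOWED_POLICIES, max_ttl=MAX_TTL_SECONDS):
    """Return a list of findings; an empty list means the token is narrowly scoped."""
    data = json.loads(lookup_json).get("data") or {}
    policies = set(data.get("policies") or [])
    findings = []

    # A root token in a workspace exposes every secret in Vault.
    if "root" in policies:
        findings.append("token carries the root policy")
    extra = policies - set(allowed) - {"root"}
    if extra:
        findings.append("unexpected policies: " + ", ".join(sorted(extra)))
    if REQUIRED_POLICY not in policies:
        findings.append(REQUIRED_POLICY + " policy is missing")

    # ttl is the remaining lifetime in seconds; 0 means the token does not expire.
    ttl = int(data.get("ttl") or 0)
    if ttl == 0:
        findings.append("token never expires (ttl=0)")
    elif ttl > max_ttl:
        findings.append("ttl %ds exceeds ceiling of %ds" % (ttl, max_ttl))
    return findings


if __name__ == "__main__":
    for name, doc in (("scoped token", SAMPLE_OK), ("root token", SAMPLE_ROOT)):
        problems = audit_token(doc)
        print(name + ":", "OK" if not problems else "; ".join(problems))
```

To check a real token, pass the output of `vault token lookup -format=json` to `audit_token` in place of the constructed samples.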