This agent is intended to make EC2 authentication against Vault as simple as possible. Launch the agent in the
background and, any time you need to access Vault, your token is available at ~/.vault-token, which is the default
location where the Vault CLI looks for its access token.
Options for getting started:
- Download the latest release.
- Clone the repo: git clone https://github.com/Brightspace/vault-ec2auth.git
Typical usage:
- Run once and exit: vault-ec2auth -role my_role
- Run as agent: vault-ec2auth -agent -role my_role
Upon launch, the agent will immediately attempt to connect to Vault at https://vault.service.consul:8200 to retrieve
a token for the requested role.
The token is written to ~/.vault-token and the nonce to ~/.vault-nonce.
If running in agent mode, it will then block for half of the lease duration before attempting to reauthenticate with Vault
using the nonce value stored in ~/.vault-nonce.
- Additional options can be seen by running the tool with no parameters.
By providing the -agent argument, the agent will block until cancelled with ctrl+c. In this mode leases will be
automatically renewed at the half-life of the lease.
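Both ~/.vault-token and ~/.vault-nonce are credentials: the token grants access to Vault, and the nonce is what the agent reuses to reauthenticate. The check below is an added example, not part of the vault-ec2auth project; the function name check_vault_secret_files is hypothetical and it assumes GNU stat (Linux, as on EC2 instances).

```shell
# Added example: audit the two files vault-ec2auth writes (paths from the README).
# Fails if either file is missing, is a symlink, is owned by another user,
# or grants any access to group or other.
# Assumption: GNU stat is available.
# Usage: check_vault_secret_files [DIR]   (DIR defaults to $HOME)
check_vault_secret_files() {
    dir="${1:-$HOME}"
    rc=0
    for name in .vault-token .vault-nonce; do
        f="$dir/$name"
        # A symlink could redirect the agent's writes or our reads elsewhere.
        if [ -L "$f" ]; then
            echo "FAIL $f: is a symlink" >&2
            rc=1
            continue
        fi
        if [ ! -f "$f" ]; then
            echo "FAIL $f: missing or not a regular file" >&2
            rc=1
            continue
        fi
        # Zero-pad so that mode 0 is reported as 000.
        mode=$(printf '%03d' "$(stat -c '%a' "$f")")
        owner=$(stat -c '%u' "$f")
        if [ "$owner" != "$(id -u)" ]; then
            echo "FAIL $f: owned by uid $owner, expected $(id -u)" >&2
            rc=1
        fi
        # The last two octal digits are the group and other bits; both must be 0.
        case "$mode" in
            *00) echo "OK   $f: mode $mode" ;;
            *)   echo "FAIL $f: mode $mode allows group/other access" >&2
                 rc=1 ;;
        esac
    done
    return "$rc"
}
```

Run it as the same user that runs the agent, for example from a cron job or a host-hardening check, and treat a non-zero exit status as a finding.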
Vault EC2Auth Agent releases are maintained under the Semantic Versioning guidelines.
Please read through our contributing guidelines. Included are directions for opening issues, coding standards, and notes on development.