Vault GitHub Authentication Configuration
Source: R/vault_client_auth_github.R
vault_client_auth_github.Rd
Details
Interact with vault's GitHub authentication backend. For more details, please see the vault documentation at https://developer.hashicorp.com/vault/docs/auth/github
Super class
vaultr::vault_client_object
-> vault_client_auth_github
Methods
Inherited methods
Method new()
Create a vault_client_github object. Not typically called by users.
Usage
vault_client_auth_github$new(api_client, mount)
Arguments
api_client
A vault_api_client object
mount
Mount point for the backend
Method custom_mount()
Set up a vault_client_auth_github object at a custom mount. For example, suppose you mounted the github authentication backend at /github-myorg; you might use gh <- vault$auth$github$custom_mount("/github-myorg"). This pattern is repeated for other secret and authentication backends.
Method configure()
Configures the connection parameters for GitHub-based authentication.
Usage
vault_client_auth_github$configure(
organization,
base_url = NULL,
ttl = NULL,
max_ttl = NULL
)
Arguments
organization
The organization users must be part of (note American spelling).
base_url
The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server.
ttl
Duration after which authentication will be expired
max_ttl
Maximum duration after which authentication will be expired
Method write()
Write a mapping between a GitHub team or user and a set of vault policies.
Examples
server <- vaultr::vault_test_server(if_disabled = message)
#> ...waiting for Vault to start
#> ...waiting for Vault to start
token <- Sys.getenv("VAULT_TEST_AUTH_GITHUB_TOKEN")
if (!is.null(server) && nzchar(token)) {
  client <- server$client()
  client$auth$enable("github")

  # To enable login for members of the organisation "example":
  client$auth$github$configure(organization = "example")

  # To map members of the "development" team *within* that organisation
  # to the "default" policy:
  client$auth$github$write("development", "default")

  # Once configured like this, if we have a PAT for a member of
  # the "development" team saved as an environment variable
  # "VAULT_AUTH_GITHUB_TOKEN" then doing
  #
  #   vaultr::vault_client(addr = ..., login = "github")
  #
  # will contact GitHub to verify the user token and vault will
  # then issue a client token

  # cleanup
  server$kill()
}
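The following is an added example, not part of the vaultr documentation, that combines custom_mount() with the ttl and max_ttl arguments of configure() so that tokens issued through a dedicated mount are short-lived. The mount path, organization name, team name and TTL values are constructed; the path argument of auth$enable() and the configuration() and read() methods are assumed from the package and are not shown on this page.

```r
# Added example: dedicated GitHub auth mount with short-lived tokens.
# All names and durations below are constructed for illustration.
server <- vaultr::vault_test_server(if_disabled = message)

if (!is.null(server)) {
  client <- server$client()

  # Mount the GitHub backend at a non-default path, so this organization
  # gets its own settings and its own team-to-policy mappings.
  # (Assumption: auth$enable() accepts a `path` argument.)
  client$auth$enable("github", path = "github-myorg")

  # Bind a client object to that mount rather than the default "github".
  gh <- client$auth$github$custom_mount("/github-myorg")

  # Restrict login to members of one organization and bound the token
  # lifetime: 15 minutes initially, renewable up to one hour in total.
  # For GitHub Enterprise, base_url would also be passed here.
  gh$configure(organization = "myorg", ttl = "15m", max_ttl = "1h")

  # Attach policies to a single team instead of the whole organization,
  # so organization membership alone grants nothing beyond the defaults.
  gh$write("development", "default")

  # Read the stored settings back to confirm what vault will enforce.
  # (Assumption: configuration() and read() exist on this object.)
  print(gh$configuration())
  print(gh$read("development"))

  # cleanup
  server$kill()
}
```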