/vault-token-helper-gopass

@HashiCorp Vault token helper for Gopass

Primary LanguageShell

frntn/vault-token-helper-gopass

gopass is a password manager for teams using GPG+GIT.

vault is a tool for managing secrets in modern computing environments.

From this blog post we learn how to create a token helper, allowing vault not to store its tokens on the filesystem but on a more secure storage area.

An example project, by Seth Vargo, implement an helper allowing vault to store its tokens to OSX Keychain

This project, implement an helper allowing vault to store its tokens to Gopass.

Prerequisites

A properly installed gopass ( >= 1.6.2 is required )

Also, vault tokens are not meant to be shared, so the vault helper stores the token in a private/ folder which can be a mounted store (handy if you only have 1 store setup and shared with your teams -- which may represent most gopass setup) :

# create a new store and mount it
gopass init --store private --path /path/to/your/new/store

# or mount an existing store
gopass mounts add private /path/to/your/exising/store

Usage

Start a server and update your ~/.vault file to use a custom token helper

$ ./demo.sh

Kill the demo server and cleanup folder

$ ./demo.sh clean

Context

Successfully tested on Ubuntu Xenial