This is a small wrapper that allows you to access Hashicorp Vault behind a Pomerium auth proxy.
Assumes that you have vault
installed in your working path.
"pv" = pomerium -> vault
sudo -H pip3 install requests
cat main.py | sed -e 's/{{VAULT_ADDR}}/your.vault.address.com/g' > vlogin
chmod +x vlogin
sudo mv vlogin /usr/local/bin/vlogin
Put this function in your .bashrc file:
pv() { vault $1 -header "Authorization=Pomerium $(cat ~/.pomerium_jwt)" $2 $3 $4; }
Restart your terminal or
source ~/.bashrc
Then use as normal:
# login at the beginning of your session
pvlogin
# use 'pv' in-place of 'vault'
export VAULT_TOKEN=hvc.123.abc
pv status
pv kv get kv/test
... etc ...