Demo repository containing the code for authenticating to a HashiCorp Vault cluster from GitHub Actions, getting policies based on the environment of the GitHub job (e.g. branch name), and reading secrets from Vault.
- `.github/workflows/`
- `jwt-auth-conf.sh` that creates and configures a Vault JWT auth method, with two roles, `dev` and `main`, with `bound_claims` mapping them to allow this repository's `dev` and `main` branches respectively to authenticate against them
- `dev.policy` and `main.policy`, containing two policies for the `dev` and `main` auth roles and branches respectively, giving access to different paths
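
A sketch of the role setup described above, as an added example and not this repository's `jwt-auth-conf.sh`. It assumes the roles bind GitHub's `repository` and `ref` claims, that the token audience is GitHub's default (the owner URL), and that the policies are named after the branches; the function names and the 5 minute TTL are hypothetical.

```shell
#!/bin/sh
# Added example: per-branch Vault JWT roles for GitHub Actions OIDC tokens.
GH_ISSUER="https://token.actions.githubusercontent.com"

# Accept only simple names, so nothing can break out of the JSON strings below.
valid_name() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
}

# Print the role body for one branch. Binding both claims matters: "ref"
# alone would match a branch of the same name in any other repository.
role_json() {
  for v in "$1" "$2" "$3"; do
    valid_name "$v" || { echo "invalid name: $v" >&2; return 1; }
  done
  cat <<EOF
{
  "role_type": "jwt",
  "user_claim": "sub",
  "bound_audiences": ["https://github.com/$1"],
  "bound_claims": {
    "repository": "$1/$2",
    "ref": "refs/heads/$3"
  },
  "token_policies": ["$3"],
  "token_ttl": "5m"
}
EOF
}

# Enable the auth method, then create one policy and one role per branch.
# Needs a Vault token allowed to manage auth methods and policies.
configure_jwt_auth() {
  vault auth enable jwt || return 1
  vault write auth/jwt/config \
    oidc_discovery_url="$GH_ISSUER" bound_issuer="$GH_ISSUER" || return 1
  for branch in dev main; do
    body="$(role_json "$1" "$2" "$branch")" || return 1
    vault policy write "$branch" "$branch.policy" || return 1
    printf '%s\n' "$body" | vault write "auth/jwt/role/$branch" - || return 1
  done
}
# Usage with placeholder names: configure_jwt_auth example-org example-repo
```

A workflow run on `dev` that requests the `main` role is rejected, because its token's `ref` claim is `refs/heads/dev`.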