| display_name | description | icon | maintainer_github | partner_github | verified | tags | |||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Hashicorp Vault Integration (JWT) |
Authenticates with Vault using a JWT from Coder's OIDC provider |
../.icons/vault.svg |
coder |
hashicorp |
true |
|
This module lets you authenticate with Hashicorp Vault in your Coder workspaces by reusing the OIDC access token from Coder's OIDC authentication method. This requires configuring the Vault JWT/OIDC auth method.
module "vault" {
source = "registry.coder.com/modules/vault-jwt/coder"
version = "1.0.20"
agent_id = coder_agent.example.id
vault_addr = "https://vault.example.com"
vault_jwt_role = "coder" # The Vault role to use for authentication
}Then you can use the Vault CLI in your workspaces to fetch secrets from Vault:
vault kv get -namespace=coder -mount=secrets coderor using the Vault API:
curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/secrets/data/coder"module "vault" {
source = "registry.coder.com/modules/vault-jwt/coder"
version = "1.0.20"
agent_id = coder_agent.example.id
vault_addr = "https://vault.example.com"
vault_jwt_auth_path = "oidc"
vault_jwt_role = "coder" # The Vault role to use for authentication
}data "coder_workspace_owner" "me" {}
module "vault" {
source = "registry.coder.com/modules/vault-jwt/coder"
version = "1.0.20"
agent_id = coder_agent.example.id
vault_addr = "https://vault.example.com"
vault_jwt_role = data.coder_workspace_owner.me.groups[0]
}module "vault" {
source = "registry.coder.com/modules/vault-jwt/coder"
version = "1.0.20"
agent_id = coder_agent.example.id
vault_addr = "https://vault.example.com"
vault_jwt_role = "coder" # The Vault role to use for authentication
vault_cli_version = "1.17.5"
}