Hashicorp Vault AppRole with SOPS

In [this documentation](https://fluxcd.io/docs/guides/mozilla-sops/#encrypting-secrets-using-hashicorp-vault) the only available authentication is a Vault Token. 

The issue with a Vault Token is it's intended to be short-lived, it can be renewed but by an outside process which is harder at scale.

Ideally we should be able to use the Vault AppRole Engine, so we pass in a Role-ID and a Secret-ID (Normally as a secret), which is used to obtain a short lived token for the transaction.

**Documentation**

[Vault AppRole](https://www.vaultproject.io/docs/auth/approle)

[Flux with SOPs and Hashicorp Vault](https://fluxcd.io/docs/guides/mozilla-sops/#encrypting-secrets-using-hashicorp-vault)

[external-secrets.io using AppRole authentication with Vault](https://external-secrets.io/v0.5.7/provider-hashicorp-vault/#approle-authentication-example)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Hashicorp Vault AppRole with SOPS #695

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Hashicorp Vault AppRole with SOPS #695

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions