vault_client_auth_github | R Documentation |
Vault GitHub Authentication Configuration
Vault GitHub Authentication Configuration
Interact with vault's GitHub authentication backend. For more details, please see the vault documentation at https://developer.hashicorp.com/vault/docs/auth/github
vaultr::vault_client_object
-> vault_client_auth_github
new()
Create a vault_client_github
object. Not typically
called by users.
vault_client_auth_github$new(api_client, mount)
api_client
A vault_api_client object
mount
Mount point for the backend
custom_mount()
Set up a vault_client_auth_github
object at a
custom mount. For example, suppose you mounted the github
authentication backend at /github-myorg
you might use gh <- vault$auth$github2$custom_mount("/github-myorg")
- this
pattern is repeated for other secret and authentication
backends.
vault_client_auth_github$custom_mount(mount)
mount
String, indicating the path that the engine is mounted at.
configure()
Configures the connection parameters for GitHub-based authentication.
vault_client_auth_github$configure( organization, base_url = NULL, ttl = NULL, max_ttl = NULL )
organization
The organization users must be part of (note American spelling).
base_url
The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server.
ttl
Duration after which authentication will be expired
max_ttl
Maximum duration after which authentication will be expired
configuration()
Reads the connection parameters for GitHub-based authentication.
vault_client_auth_github$configuration()
write()
Write a mapping between a GitHub team or user and a set of vault policies.
vault_client_auth_github$write(team_name, policies, user = FALSE)
team_name
String, with the GitHub team name
policies
A character vector of vault policies that this user or team will have for vault access if they match this team or user.
user
Scalar logical - if TRUE
, then team_name
is
interpreted as a user instead.
read()
Write a mapping between a GitHub team or user and a set of vault policies.
vault_client_auth_github$read(team_name, user = FALSE)
team_name
String, with the GitHub team name
user
Scalar logical - if TRUE
, then team_name
is
interpreted as a user instead.
login()
Log into the vault using GitHub authentication.
Normally you would not call this directly but instead use
$login
with method = "github"
and proving the token
argument. This function returns a vault token but does not
set it as the client token.
vault_client_auth_github$login(token = NULL)
token
A GitHub token to authenticate with.
server <- vaultr::vault_test_server(if_disabled = message)
token <- Sys.getenv("VAULT_TEST_AUTH_GITHUB_TOKEN")
if (!is.null(server) && nzchar(token)) {
client <- server$client()
client$auth$enable("github")
# To enable login for members of the organisation "example":
client$auth$github$configure(organization = "example")
# To map members of the "robots" team *within* that organisation
# to the "defaut" policy:
client$auth$github$write("development", "default")
# Once configured like this, if we have a PAT for a member of
# the "development" team saved as an environment variable
# "VAULT_AUTH_GITHUB_TOKEN" then doing
#
# vaultr::vault_client(addr = ..., login = "github")
#
# will contact GitHub to verify the user token and vault will
# then issue a client token
# cleanup
server$kill()
}
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.