vault_client_auth_github: Vault GitHub Authentication Configuration

Description

Interact with vault's GitHub authentication backend. For more details, please see the vault documentation at https://www.vaultproject.io/docs/auth/github.html

Arguments

Methods

custom_mount

Set up a vault_client_auth_github object at a custom mount. For example, suppose you mounted the github authentication backend at /github-myorg you might use gh <- vault$auth$github2$custom_mount("/github-myorg") - this pattern is repeated for other secret and authentication backends. Usage:

custom_mount(mount)

Arguments:

mount: String, indicating the path that the engine is mounted at.

configure

Configures the connection parameters for GitHub-based authentication. Usage:

configure(organization, base_url = NULL, ttl = NULL, max_ttl = NULL)

Arguments:

organization: The organization users must be part of (note American spelling).
base_url: The API endpoint to use. Useful if you are running GitHub Enterprise or an API-compatible authentication server.
ttl: Duration after which authentication will be expired
max_ttl: Maximum duration after which authentication will be expired

configuration

Reads the connection parameters for GitHub-based authentication. Usage:

configuration()

write

Write a mapping between a GitHub team or user and a set of vault policies. Usage:

write(team_name, policies, user = FALSE)

Arguments:

team_name: String, with the GitHub team name
policies: A character vector of vault policies that this user or team will have for vault access if they match this team or user.
user: Scalar logical - if TRUE, then team_name is interpreted as a user instead.

read

Write a mapping between a GitHub team or user and a set of vault policies. Usage:

read(team_name, user = FALSE)

Arguments:

team_name: String, with the GitHub team name
user: Scalar logical - if TRUE, then team_name is interpreted as a user instead.

login

Log into the vault using GitHub authentication. Normally you would not call this directly but instead use $login with method = "github" and proving the token argument. This function returns a vault token but does not set it as the client token. Usage:

login(token = NULL)

Arguments:

token: A GitHub token to authenticate with.

Examples

Run this code

# NOT RUN {
server <- vaultr::vault_test_server(if_disabled = message)
if (!is.null(server)) {
  client <- server$client()

  client$auth$enable("github")
  # To enable login for members of the organisation "vimc":
  client$auth$github$configure(organization = "vimc")
  # To map members of the "robots" team *within* that organisation
  # to the "defaut" policy:
  client$auth$github$write("development", "default")

  # Once configured like this, if we have a PAT for a member of
  # the "development" team saved as an environment variable
  # "VAULT_AUTH_GITHUB_TOKEN" then doing
  #
  #   vaultr::vault_client(addr = ..., login = "github")
  #
  # will contact GitHub to verify the user token and vault will
  # then issue a client token

  # cleanup
  server$kill()
}
# }

Run the code above in your browser using DataLab