Add glsh vault
Add a glsh vault
command to help with the SOCKS proxy for Vault CLI.
❯ glsh vault
USAGE:
glsh vault [SUBCOMMAND]
SUBCOMMANDS:
init Initialize the shell environment for Vault
login Login into Vault
proxy Start a SOCKS5 proxy for Vault through the ops bastion
❯ glsh vault init
# Initialize your Vault environment automatically by appending the following
# to ~/.bashrc or ~/.zshrc:
eval "$(glsh vault init -)"
# Restart your shell for the changes to take effect.
❯ glsh vault init -
VAULT_ADDR="https://vault.ops.gke.gitlab.net"; export VAULT_ADDR
vault-proxy() { eval "$(glsh vault proxy "$@")" }
❯ eval "$(glsh vault init -)"
❯ echo $VAULT_ADDR
https://vault.ops.gke.gitlab.net
❯ typeset -f vault-proxy
vault-proxy () {
eval "$(glsh vault proxy "$@")"
}
❯ glsh vault proxy
Open a new shell and run the following before using Vault:
export VAULT_PROXY_ADDR="socks5://localhost:18200"
[vault] Starting SOCKS5 proxy on port 18200 through lb-bastion.ops.gitlab.com...
Connected! Press Enter to disconnect.
❯ glsh vault login
[vault] Logging into Vault at https://vault.ops.gke.gitlab.net with role "user"...
Complete the login via your OIDC provider. Launching browser to:
https://accounts.google.com/o/oauth2/v2/auth?...
Waiting for OIDC authentication to complete...
❯
When running in tmux
, the glsh vault proxy
will run the proxy command in a split window, and its outputs can be eval'd, the function vault-proxy
is here for that.
Part of gitlab-com/gl-infra&843 (closed)
Edited by Pierre Guinoiseau