Add glsh vault

Pierre Guinoiseau requested to merge pguinoiseau/glsh-vault into master

Add a glsh vault command to help with the SOCKS proxy for Vault CLI.

❯ glsh vault
USAGE:
    glsh vault [SUBCOMMAND]

SUBCOMMANDS:
    init    Initialize the shell environment for Vault
    login   Login into Vault
    proxy   Start a SOCKS5 proxy for Vault through the ops bastion
❯ glsh vault init
# Initialize your Vault environment automatically by appending the following
# to ~/.bashrc or ~/.zshrc:

eval "$(glsh vault init -)"

# Restart your shell for the changes to take effect.
❯ glsh vault init -
VAULT_ADDR="https://vault.ops.gke.gitlab.net"; export VAULT_ADDR
vault-proxy() { eval "$(glsh vault proxy "$@")" }
❯ eval "$(glsh vault init -)"
❯ echo $VAULT_ADDR
https://vault.ops.gke.gitlab.net
❯ typeset -f vault-proxy
vault-proxy () {
        eval "$(glsh vault proxy "$@")"
}
❯ glsh vault proxy
Open a new shell and run the following before using Vault:

export VAULT_PROXY_ADDR="socks5://localhost:18200"

[vault] Starting SOCKS5 proxy on port 18200 through lb-bastion.ops.gitlab.com...
Connected! Press Enter to disconnect.
❯ glsh vault login
[vault] Logging into Vault at https://vault.ops.gke.gitlab.net with role "user"...
Complete the login via your OIDC provider. Launching browser to:

    https://accounts.google.com/o/oauth2/v2/auth?...


Waiting for OIDC authentication to complete...

When running in tmux, glsh vault proxy will run the proxy command in a split window, and its output can be eval'd; the function vault-proxy is here for that.

Part of gitlab-com/gl-infra&843 (closed)

Edited by Pierre Guinoiseau
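
An added example, not part of the merge request or of glsh: because vault-proxy evals whatever glsh vault proxy prints, a stricter wrapper can parse that output and export VAULT_PROXY_ADDR only when it is a loopback SOCKS5 address. The function names and sample strings are constructed for illustration, and the sketch assumes the export line arrives in the form shown in the session above.

```shell
# Added example (not glsh code): parse the proxy output instead of eval'ing it.

# Constructed samples, modelled on the output shown in the description.
SAMPLE_OK='Open a new shell and run the following before using Vault:

export VAULT_PROXY_ADDR="socks5://localhost:18200"'
SAMPLE_BAD='export VAULT_PROXY_ADDR="socks5://localhost:18200"; touch /tmp/x'

# Reads text on stdin. Prints the proxy address only if exactly one export
# line is present and it names a loopback SOCKS5 listener with a valid port.
extract_vault_proxy_addr() {
    _vp_count=0 _vp_found=""
    while IFS= read -r _vp_line; do
        case "$_vp_line" in
            'export VAULT_PROXY_ADDR='*)
                _vp_count=$((_vp_count + 1))
                _vp_found=${_vp_line#export VAULT_PROXY_ADDR=}
                _vp_found=${_vp_found#\"}
                _vp_found=${_vp_found%\"}
                ;;
        esac
    done
    [ "$_vp_count" -eq 1 ] || return 1
    case "$_vp_found" in
        socks5://localhost:*|socks5://127.0.0.1:*) ;;
        *) return 1 ;;
    esac
    _vp_port=${_vp_found##*:}
    case "$_vp_port" in
        ''|*[!0-9]*|??????*) return 1 ;;   # empty, non-numeric, or too long
    esac
    [ "$_vp_port" -ge 1 ] && [ "$_vp_port" -le 65535 ] || return 1
    printf '%s\n' "$_vp_found"
}

# Hypothetical replacement for an eval-based wrapper: takes the captured
# output as $1 and exports the variable only after validation.
use_vault_proxy() {
    _vp_addr=$(printf '%s\n' "$1" | extract_vault_proxy_addr) || {
        echo "refusing to use unexpected proxy output" >&2
        return 1
    }
    export VAULT_PROXY_ADDR="$_vp_addr"
}
```

Anything after the closing quote of the export line, a second export line, or a non-loopback host makes the wrapper refuse and leave the current environment unchanged.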